{"id":"a022566b-f89e-4025-bebe-ad239d018602","kind":"sos","name":"Security for small engineering teams","slug":"security-at-startupssmall-teams","url":"https://api.events.ccc.de/congress/2025/event/a022566b-f89e-4025-bebe-ad239d018602/?format=json","track":null,"assembly":"sos","room":"c2d2090b-32f1-48e9-9233-b43de3066aa6","location":null,"language":"en","description":"https://docs.google.com/presentation/d/1DpV4sVjJ__9z0k74aTIG5l8h2qM3nG-9caeSTv6Suig/edit?usp=sharing\r\n\r\nAvailable until day 3 + 7 days. Contains contact and slides.\r\n\r\nThe only skipped slide is the one about rulesets, it also contains an OSS release for compliance work.\r\n\r\n--------\r\n\r\n\r\nHow do you manage security in small software engineering teams or startups (2-50 people)?\r\nWhat did you implement? Which changes did you implement or push for as a security person?\r\n\r\nI previously worked at a small NGO and startup and want to create a space to share experiences.\r\n\r\nInitially, I'll give some insights about what I implemented in the past year, however the goal is to have a discussion.\r\n\r\nTopics might include:\r\n- Fuzzing\r\n- Responsible disclosure (both incoming and outgoing)\r\n- DefectDojo, Dependabot and SecObserve\r\n- GitHub's security features\r\n- Static analyzers ranging from Semgrep to Zizmor\r\n\r\nPut in notes here if you want to join! https://cryptpad.fr/pad/#/2/pad/edit/3iZ8MLCkX9I3xcTsh6uc2LwA/","schedule_start":"2025-12-29T17:00:00+01:00","schedule_duration":"00:50:00","schedule_end":"2025-12-29T17:50:00+01:00"}