Bryan is a PM manager for the 1ES Security and Privacy Tooling team. Their mission: To help Microsoft developers build more secure and trustworthy software, while enabling them to continue innovating as rapidly as possible. Bryan has been in the Developer Security industry for 20 years; prior to 1ES he was a PM in the Security Development Lifecycle (SDL) team and the Microsoft Crypto Board; and prior to Microsoft he was a development manager for HP where he helped to create the analysis tool WebInspect.
The faster we iterate on refining secure development practices, the faster our developers can address security pain points, and the better we protect our customers. In this post, Bryan Sullivan walks through key learnings from the 1ES Security team.
If a security tool catches a critical vulnerability, but also reports 99 other findings that turn out to be false positives, developers are going to ignore everything that the tool reports and then miss the important issues. Bryan Sullivan talks through how you can hone your tooling to separate the signal from the noise.