@joshbressers @kurtseifried Listened to the latest episode, what you're describing about "actionable security by developers" is what my PyCon Taiwan keynote was about. One of the difficulties was providing things that developers (OSS and commercial) could do without approval or spending more time/funds.
@joshbressers @kurtseifried The advice included: learning and sharing stories, knowing your software inventory, knowing EOL/support lifespan for major software components, verifying software in motion, static analysis for insecure usage, better testing with warnings enabled, backwards-incompatible changes for insecure defaults, better conversations w/ maintainers.
@sethmlarson @kurtseifried Is your keynote somewhere I can watch it by chance?
@joshbressers @kurtseifried Unfortunately not around to watch yet, my slides are available: https://sethmlarson.dev/pycon-taiwan-2024