A recap of SnowFROC 2026, Denver's Front Range OWASP Conference, covering key themes from 35 sessions. Highlights include Tanya Janca's keynote on developer psychology and secure defaults, Chris Lindsey's talk on trust-based attack vectors and security ROI, Jenn Gile's deep dive into npm account takeovers and malicious package patterns, and Mudita Khurana's model for scaling AppSec at Airbnb using unified tooling, LLM agents, and security champions. The overarching message: security works best when embedded at the point of decision, trust relationships must be tightened across supply chains and non-human identities, and mature AppSec programs need feedback loops that continuously improve defaults.
Table of contents
The Human Layer in Secure DefaultsTrust Has Become a Supply Chain Primitivenpm’s Crisis Is Really an Operations StoryScale Comes From Systems, Not HeroicsSecurity that lives where decisions happenMile High City LearningsSort: