A conference recap from SnowFROC 2026, Denver's OWASP event, covering key AppSec themes across four sessions. Tanya Janca's keynote argued that insecure code is a human behavior problem, advocating for secure defaults and environmental design over blame. Chris Lindsey examined the modern threat landscape, emphasizing trust as the primary attack vector and calling for disciplined ROI-based security spending. Jenn Gile detailed npm's ongoing account takeover crisis, explaining how malicious packages exploit trusted upgrade habits and recommending lockfiles, scoped credentials, and supply chain playbooks. Airbnb's Mudita Khurana presented a scalable AppSec model combining unified CLI tooling, LLM-assisted security review, and a career-ladder-backed security champions program. The overarching theme: security works best when embedded at the point of decision, trust boundaries must be tightened, and mature programs build feedback loops that continuously improve defaults.
Table of contents

The Human Layer in Secure Defaults
Trust Has Become a Supply Chain Primitive
npm's Crisis Is Really an Operations Story
Scale Comes From Systems, Not Heroics
Security that lives where decisions happen
Mile High City Learnings