AppSec for Builders: A Manifesto for the Future of Secure Code Development

RSA 2025 emphasized the theme "Many Voices. One Community," promoting collaboration between developers, security engineers, and operations to create secure, efficient software without hindering development speed. Luke O'Malley, Co-founder of Semgrep, introduced a developer-first vision for application security, advocating for an approach that uses AI to augment human efforts while maintaining developer autonomy. This vision is encapsulated in the "AppSec for Builders" philosophy, which focuses on providing guardrails rather than gates, ensuring real-world impact over audit perfection, and leveraging AI for prioritizing tasks. Semgrep's platform facilitates early and frequent collaboration across teams, aiming to shift security from a bottleneck to a shared responsibility. O'Malley highlighted the importance of context in security decisions and the need for tools that are flexible and developer-centric, contrasting traditional compliance-focused tools that often create noise and inefficiencies. The company envisions a future where enhanced collaboration, empowered by AI and modernized tools, naturally integrates security into the software development lifecycle.