Slack on scaling static analysis with Semgrep

Erin Browning and Tim Faraci from Slack deliver a presentation at DEF CON 29 AppSec Village, focusing on optimizing developer satisfaction through rapid scan results and encouraging a mindset that extends beyond mere compliance. They address the challenges of handling false positives and emphasize the importance of incorporating scanning into both developer and security workflows. Additionally, they discuss the need for careful calibration of metrics and performance targets to ensure effectiveness and efficiency in security processes.