If you've ever listened to the AA Podcast (Absolute AppSec, that is), you may have heard how GitHub is AppSec Fantasyland (or something similar). This presentation will tell you how that is true ... and how it's not. We will talk about what makes GitHub AppSec Fantasyland and why sometimes it isn't. We'll talk about what we've done at GitHub "to make AppSec suck less" (if that's your bar for a fantasy land). We'll also talk about the challenges we still face in making AppSec at GitHub the promised land some dream it to be.