Secure by Design: Are We Winning the Fight Against Application Flaws? 

RCA Conference 2025

Speakers: 

Chris Wysopal, Co-Founder & Chief Security Evangelist, Veracode 

Jason Healey, Senior Research Scholar, Columbia University School of International and Public Affairs 

In 2023, CISA launched its Secure by Design initiative to transform how software is developed, aiming to reduce pervasive security vulnerabilities. At the time, industry research revealed a stark reality: 70% of applications contained at least one OWASP Top 10 security flaw. Two years later, how far have we come? 

Join Jason Healey and Chris Wysopal for a data-driven session that evaluates the state of application security. Drawing on fresh industry research, this presentation will reveal the prevalence of OWASP Top 10 vulnerabilities across applications today, highlighting areas of progress and persistent challenges. Attendees will gain actionable insights into where organizations are succeeding, where they’re falling short, and what steps can strengthen the Secure by Design movement. 

This session is essential for cybersecurity leaders, developers, and policymakers committed to building a more secure digital future.