Life Beyond Spreadsheets: Using DefectDojo to Automate Vulnerability Management at Trade Me
Josh Brodie (Trade Me)
After years of sending many and varied vulnerability reports to different organisations, Josh switched sides to join the Blue Team at Trade Me and suddenly had to deal with the other side of the equation: figuring out how best to triage the various sources of vulnerability/security reporting and get that information to the right teams. Enter DefectDojo, an OWASP product which Trade Me is now using to aggregate security information and manage vulnerability lifecycles. This talk will go into the lessons learned while wiring this up and highlight how Trade Me is using this tool to make vulnerability management more manageable.
Josh is a former pentester now on the blue team at Trade Me. After yeeting countless pentest reports into the void, he is now the personification of the “Me Sowing vs. Me Reaping” meme as he has to wrangle security information, alerts and reports into something the organisation can practically use.