Product Security Forum

The Product Security Forum will focus on security considerations throughout the product lifecycle, from design to manufacturing to market. It will explore how to establish robust product security standards and processes to ensure the security and reliability of products during use.

TIME & LOCATION
AGENDA
5 / 15
14:00 - 14:30
Peter Chi / Team Leader, Cyber Security Defense Department TAIWAN RAKUTEN ICHIBA, INC.
    5 / 15
    14:45 - 15:15
    CY Lai / Lead Cybersecurity Engineer Moxa
    EJ Feng / Senior Cybersecurity Engineer Moxa

    Even if IEC 62443 provides a process maturity level, how can we gradually move closer to the overall qualified standard in the face of different generations of products within the enterprise and the characteristics of the product life cycle in the OT field?

    This session shares how we use the activities of the Product Security Incident Response Team (PSIRT) as feedback to the SSDLC. We use vulnerability handling activities to review the product process from requirements, design, implementation, testing and verification to make the process more mature and complete.

    • PSIRT
    • Vulnerability Management
    • OT Security
    5 / 15
    15:45 - 16:15
    Steven Lin / Product Developer, Security Incident Response Team Synology

    In this talk, we will explore the core concepts and goals of Security Code Review and share how Synology systematically detects security issues. We will introduce the technical details of Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), including text search, semantic search, code analysis tools and fuzz testing.

    We hope that these examples will help the audience to have a more intuitive understanding of the testing techniques, and at the same time enhance the audience's knowledge of code security, so that they can utilize what they have learned to more effectively protect the security of their products and services.

    • Application Security Testing
    • Software Security
    • PSIRT
    5 / 15
    16:30 - 17:00
    Ray Lin / CISO iFUS System Consultants Ltd.

    This speech mainly explores how to effectively identify, evaluate, and respond to cybersecurity threats from the perspective of a Project Manager (PM), ensuring that projects and products do not become targets of hackers. The speech will cover the following main parts:

    1. The intersection of cybersecurity and project management: Discussing the current cybersecurity challenges faced and highlighting the critical role of PMs in cybersecurity strategy.

    2. Sharing personal case studies and analysis of how to avoid similar situations.

    3. How PMs can learn about cybersecurity: Sharing how PMs with a business management background can learn about cybersecurity concepts and related technologies.

    This lecture will combine my rich experience in project management, product development, and information security. The goal is for PMs to be more confident in handling cybersecurity issues and apply this knowledge in their daily project work.

    • Governance Risk & Compliance
    • Security Training
    • Certification