Operating security ownership at scale: Twilio’s perspective
In a roundtable, Guy Podjarny, President & Co-Founder of Snyk, and Yashvier Kosaraju, Senior Manager of Product Security at Twilio, discussed security ownership in organizations adopting DevSecOps practices. Key points included: 1) the importance of defining clear roles and responsibilities for both development and security teams; 2) making security tooling accessible and user-friendly for developers; 3) implementing an early win strategy, such as open source security and Software Composition Analysis (SCA); 4) establishing a code ownership model to streamline vulnerability management; and 5) measuring the effectiveness of security tools by tracking metrics like time taken to fix critical vulnerabilities. The discussion emphasized the need for continuous improvement in security practices, with companies regularly aligning their products to meet evolving industry needs.
Company
Snyk
Date published
Aug. 30, 2021
Author(s)
Brian Piper
Word count
885
Language
English
Hacker News points
None found.