Keynotes



Asankhaya Sharma
Dr. Asankhaya Sharma is the co-founder and Chief Technology Officer at Patched.codes, a deep-tech startup with the vision to automatically fix every software vulnerability in code. Dr. Sharma is a well-known technology expert, author, and public speaker. He has more than 15 years of experience in the technology and software development fields, holding technical leadership roles at startups and large enterprises. Prior to Patched.codes, he was the global director of innovation and incubation at Veracode, an application security company. Before that, he was the head of R&D at SourceClear, acquired by CA Technologies in 2018, the first software security company focussed on open-source security and software supply chain. He has a PhD in Computer Science from the National University of Singapore (NUS), and has been an Adjunct Professor at the Singapore Management University (SMU) and the Singapore Institute of Technology (SIT).

Abstract: Large enterprises struggle with software vulnerabilities; complex systems, slow patching, and poor risk prioritisation lead to security weaknesses, breaches, and data exposure. In this talk, we will show how one can leverage recent advances in LLMs and generative AI to create and validate private, secure and multiple file fixes that rival even expert developers. State-of-the-art (SOTA) AI open-source models, like StarCoder, for code generation and assistance can enable enterprises to securely and privately remediate vulnerabilities in applications without worrying about risks of using OpenAI APIs. We can now empower security and operations teams to go beyond monitoring and finding issues to being able to actually fix them, even when they do not have developer experience or access. In the near future, we foresee a world where developers are no longer the sole bearers of the application security burden - a DevLess (developer-less) Security world.

Bernard Tan
Bernard is a Director in GovTech, leading the GovTech Cybersecurity consultancy team to provide risk-based consultancy services that architect the cybersecurity of nationwide and government-wide strategic projects whose application services span on-premise, hybrid and commercial cloud environments. Through his 18+ years in the public sector, he has undertaken various cybersecurity roles and projects in areas of Homeland security. He held key roles such as Chief Information Security Officer (CISO), advised on various Home Team-wide projects, and established common ICT Security Governance and Security Architecture. He was also appointed security advisor on the audit and risk committee to provide security guidance to the Home Team's audit steering committee. He holds certifications from ISC2 (CISSP, ISSMP, ISSEP, ISSAP, CCSP, CSSLP, CGRC), ISACA (CISA, CDSPE), ECCouncil (CEH, CHFI), AWS (SAP, SAA, Security Speciality), Microsoft (Cybersecurity Architect Expert, Azure Security Engineer Associate), Scrum Alliance (CSM, CSPO) and API Academy (Security Architect, Product manager).

Abstract: What makes software great? Is it because its anatomy can be simple, complex, or both? Or could it be because of its soft nature, or fragile if you wish? While these are positive characteristics, they inadvertently increase a software's attackable surface area. As software becomes more complex, fragile and 'softer', cyber adversaries have more opportunities to exploit and cause damage. Developers must balance between developing software quickly and securely while ensuring its fragility is not exploited. This sharing will discuss the different software fragility archetypes and explore the "Wellness" option to strengthen a software's anatomy with a sustainable, secure, robust foundation.