The Elixir Community: Insights on Security from Holden Oullette

Holden Oullette, a staff application security engineer at OCTA and former security architect at a large Elixir shop called Podium, offers a deep dive into securing Elixir codebases. In this conversation, Oullette talks about his role in the Elixir community, specifically his work maintaining and optimizing Sobelow, an open-source SAST tool for Elixir. He explains why understanding the software development lifecycle matters, emphasizes the secure-by-design nature of Elixir, and stresses the significance of tackling security from the earliest stages of development. Holden also discusses his contribution to Semgrep, another code security solution: he shipped Elixir support for it and aims to reach feature parity with Sobelow. He points to the value of having multiple tools and options available to enhance security in different coding environments. Finally, Oullette describes the AppSec community as small yet welcoming and encourages participation in local meetups, open-source projects, and online resources.

© HashMerge 2024