OWASP 2025 Global AppSec EU

Despite our collective efforts, we haven’t managed to harmonize tools and processes. Several projects like ASVS, SAMM and others have attempted information harmony but only the now defunct Glue has attempted tool orchestration harmonization and for good reason, it is a hard problem to solve, almost impossible by volunteers alone.

This session introduces Smithy, the only open-source workflow engine for security tools. Smithy stands as a unifying force for building robust, scalable DevSecOps, and beyond, pipelines. Leveraging Smithy’s support for OCSF-native data formats, we centralized the outputs of disparate security tools into a cohesive data lake, unlocking actionable insights that improved vulnerability prioritization and resource allocation.

The talk will showcase real-world applications, including integrating OpenCRE, Cartography, AI-driven solutions and open-source resources to enhance vulnerability detection accuracy and reprioritization, for free, using ready made community resources.

Whether you're a tech lead, security engineer, or CISO, this presentation offers practical guidance for creating adaptable, data-driven security workflows without breaking the bank.