The overall goal of Application Security Stable Counterparts is to help
integrate security themes early in the development process. The intent is
to reduce the number of vulnerabilities released over the long term.
These Stable Counterparts can be found on the
Product Categories page,
next to the "Application Security Engineer" mentions.
Stable Counterparts can be added or updated by following these steps:
1. Edit data/stages.yml, setting the appsec_engineer attribute to Firstname Lastname in each group.
2. Edit the grouprole attribute in data/team_members/person/LETTER/PERSON_NAME.yml to include STAGE_NAME (GROUP_A, GROUP_B).
There are cases where the Application Security team isn't involved at the level the security team would like, and many factors can lead to that situation. When one is the Stable Counterpart it can be even more difficult to stay up to date on what is happening in each group.
One change in how to approach that, for some team members, was to set up bi-weekly sync meetings with a member of the engineering team to discuss security related topics. This started to work from the first meeting and enabled Application Security to cover important issues that would not necessarily have been seen without this change.
In other cases, setting up regular meetings with a dedicated engineer on a very specific topic may also help in staying up to date. In doing that we were able to review issues in new important planned features.
Here are some verbatim answers, capturing how AppSec does (or did) Stable Counterparts in May 2023.
Security
for example.