Third party applications can pose a significant risk to a company. You are forced to trust the maintainer with sensitive data and access to internal networks. As a company scales, managing security across a fleet of third party applications becomes difficult. Salesforce has reviewed over 4000 applications in the process of securing all apps listed on our AppExchange. Participants will learn the best practices around tooling, processes, and manual reviews that work at Salesforce. These practices have prevented thousands of vulnerabilities from reaching victims, and are flexible enough to mature as the threat landscape changes (goodbye TLS 1.0, hello credential stuffing). Through a combination of automation, manual review, and well defined processes, you can drive down risk for your company.