5 essential steps to shift security left (Episode III) – Avoid false alarms
Continuing our 5 part series on DevSecOps, this week we explore Step 3: Avoid false alarms.
One of the things we love best about living in a world built around automation, is the ability for machines to take control of tedious and often, mundane tasks. Think about your day-to-day life. From the moment you wake up in the morning until you lay your head down to sleep at night, your life is controlled by automation that is meant to make life easy.
Smart coffee makers allow you to control the timing of your favorite hot beverage from your smart phone, in an instant. Today’s toothbrushes tell you when to start and stop brushing and will even let you know when you replace them.
The modern home is a smart home that comes with everything, from thermostats that learn your preferred temperature, to lighting that automatically adjusts based on conditions such as occupancy or daylight. Even watering and feeding plants and animals is now automated.
Additionally, virtual assistants like Siri and Alexa have become invaluable members of the family that are always listening (somewhat unsettling, I know) and are at our beck and call, day or night to do things like pay bills, buy movie tickets, set reminders and alarms, give directions, play music, make calls, and a variety of other tasks we used to have to do manually.
And when you are done for the day, your smart bed is ready and waiting for you to monitor your health, sleeping habits and automatically adjusts to help you sleep better.
All this to say, that automation is embedded in our daily lives, and while there are many positives, it is not without fault. Take for instance in the IT world, where automation is cautiously applauded and desired. Running manual security checks is a thing of the past, but developers are still fearful of false positives. When is the alert a real threat and when is it just white noise? This is reminiscent of the classic ‘boy who cried wolf’ story. Catching security defects and vulnerabilities is critical, but how do you avoid false alarms that threaten your team’s efficiency and resources?
In Step Three of 5 Essential Steps to Shift Security Left, Tim Jarrett, Director of Product Management at CA Veracode, helps shed some light on how to avoid false alarms during application security testing and the impact on a business. Check out the video to learn more and to make accuracy synonymous with your testing.