DZone – Tom Smith – 7/8/18
[Ed. Note: DZone interviewed Mo Rosen, GM, CA Security; Sam King, GM, CA Veracode; and Mark Curphey, CA SourceClear, on securing applications and data.]
- Let’s make security seamless. Let’s try to take friction out. How to take security and make it first? Ease of deployment. This means self-service security. Helping organizations understand security can be deployed on day one without impacting applications. There is more to cloud security than just compliance. It is important to give people the ability to see what’s going on in the application. Amazing threat intelligence.
- Customers do not have an AppSec scanning service that continually monitors every application and alerts them when malicious activity is suspected. Customers want to have a real-time dashboard to review and have remedies for these application vulnerabilities. We offer Scan and Secure services that can scan every pre-production and production application release automatically. When new issues are found, results are published directly into the customer’s bug database. The customer can view into the highest level of vulnerability and can triage where applicable. The customer can see exactly within their application where the problem exists. Data Theorem’s offering provides sample code to fix the vulnerability identified. Data Theorem can also provide a list of public news articles of other companies who had these types of vulnerabilities exploited in their applications, ultimately damaging their brands and creating losses to themselves and/or their customers.
- Security is a human problem, due to mitigating the risk of software in applications across the entire development organization. This problem will not be solved until solved by the developer and development team desktop. Developers must get educated. And this is not addressed at the university level. Like the concept of DevOps, it’s not new, as well as DevSecOps. There is no silver bullet. Call it whatever you want — incorporate security earlier in the SDLC.