They have influence and the ability to find a bug one day and disclose it the next, so companies must adapt both engineering practices and perspectives in order to ‘navigate the waters of reality’ and not just hope one doesn’t take a look at their product. There’s a whole security industry out there with folks wearing every which hat you can think of. Working with the folks building the products to give them solutions instead of just problems allows one to scale, earn trust and most importantly be effective and actually ship. Having a solid security team enables a company to set a bar, ensure security exists within the design, insert tooling at various stages of the process and continuously iterate on such results. What happens when a company either doesn’t fully empower the Security team, or have one at all? Stuff like Goto fail, Equifax, unsandboxed AVs and infinite other buzz, or yet to be buzzed, words describe failures of not adequately protecting customers or services they rely on.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |