Thursday, July 8, 2021

Episode #55 To Code Scan or Not to Code Scan That is the Question


Over the last year we have seen a huge uptick in attacks that leverage compromised software as the means of getting exploits onto endpoints.

With more and more companies relying on managed services to run their day-to-day operations, understanding the security of the management tools being used, and the security practices of those who make them, is more important than ever.

We have tried for years to close the gap between development, operations and security. That journey has led us to what we now call DevSecOps, or, said the long way, Development Security Operations. This has worked to varying degrees but is still not adequate for the increased threat we face.

We preach all the time to focus on the fundamentals, but we usually talk about them in the context of network, endpoint and organizational risk. Tonight we are going to take a deeper dive into one specific fundamental: secure development practices.

How do you develop software that is secure by design? How do you test the software to ensure the least possible chance of a vulnerability slipping through into a release? How do you ensure the security of your code base? And do not get me started on the use of third-party code pulled from GitHub without understanding what it does beyond the narrow need for a handful of functions. How do you control and manage all of this in a way that is non-disruptive to the business, to innovation and to development velocity?

Is there a way to simplify securing code and ultimately the products that use that code to function?

All this and more tonight on the Security Shit Show with Chris Roberts, Evan Francen and myself.

10 pm Central, 9 pm Mountain time

