Stop Expecting Magic Fairy Dust: Be Secure By Design
Software developers are screwing up the digital world. Security is often an afterthought, or worse, the job of I.T., who is expected to sprinkle magic fairy dust on an app that magically makes it secure. That’s an impossible ask and forces a perimeter-based security model that cannot succeed in a world of cloud apps, mobile devices, and distributed data. Developers must embrace security by design principles and fundamentally shift their attitude about who is responsible for security. Increasingly, apps get this wrong. In 2015, according to the National Vulnerability Database, an all time high of 75% of high severity vulnerabilities were easy to exploit. And there were more high severity vulnerabilities than ever before. With the advent of the Cyber Independent Testing Lab and similar organizations, companies will have a harder time sweeping crappy security under the rug. This presentation is about concrete steps developers should take to make security a core part of their app.
Patrick has spent ten years building security solutions including firewalls, anti-virus, and intrusion prevention. He ran engineering teams building enterprise cloud software and is now the CEO of IronCore Labs, which makes turnkey developer security solutions.