Applying The Pareto Principle to Software Security
You’re part of an organization with a small development team building a web application, and you have just learned that your product must be “secure”, whatever that means. Maybe the requirement comes from an auditor, or maybe the CEO heard it at a recent meeting, at a conference, or from a prospective customer. No one on your team has security expertise. Where should you start?
Hire an expert? Get training, identify risks and threats, prioritize your findings, design solutions, and implement them? How much time do you have? For those without the time or money for all of that, is there an easier way to get quick results and long-term improvement from a small initial investment? Is there an 80/20 solution for software security? Yes: incorporate a vulnerability scanner into your software development process.
Phil explains how to set up a simple vulnerability management program that gives you immediate results, makes your application more secure, and improves security within your software development lifecycle. Along the way, you’ll help your team build security expertise while meeting some likely compliance requirements. You’ll also learn the key criteria for choosing a vulnerability scanner that suits your organization. Most importantly, you’ll learn how to read the copious reports a scanner produces, and then how to turn scan activity into an ongoing vulnerability management program.
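As an added example (not code from the talk or from any scanner vendor), here is what the “incorporate a scanner into your development process” step can look like in practice: a small Python gate that parses a scanner report, de-duplicates findings, fingerprints them so the same issue is recognised across builds, honours time-limited accepted-risk entries, and fails the build on anything at or above a chosen severity. The JSON report shape, the sample findings, and the names SAMPLE_REPORT, triage and fail_on are this example’s own assumptions; real scanners each have their own output format and you would adapt parse_report to it.

```python
"""Gate a build on vulnerability-scanner output and track accepted risk.

Added example, not code from the talk. The report format is a constructed,
generic JSON shape (an assumption), not any specific scanner's output.
"""
import hashlib
import json
from dataclasses import dataclass, field
from datetime import date

# Scanners disagree on severity labels, so normalise them to one ranking here.
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}

# Constructed sample report (assumption: a generic shape, not a real tool's format).
SAMPLE_REPORT = json.dumps({
    "findings": [
        {"rule": "sql-injection", "severity": "High", "file": "app/db.py", "line": 42},
        {"rule": "sql-injection", "severity": "High", "file": "app/db.py", "line": 42},  # duplicate
        {"rule": "weak-hash-md5", "severity": "Medium", "file": "app/auth.py", "line": 17},
        {"rule": "debug-enabled", "severity": "Low", "file": "config.py", "line": 3},
        {"rule": "xss-reflected", "severity": "Critical", "file": "app/views.py", "line": 88},
    ]
})


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str  # already lower-cased by parse_report
    file: str
    line: int

    def fingerprint(self) -> str:
        """Stable key independent of the scan run, so one issue is tracked across builds."""
        key = f"{self.rule}|{self.file}|{self.line}".encode()
        return hashlib.sha256(key).hexdigest()[:16]


@dataclass
class Triage:
    blocking: list = field(default_factory=list)         # new findings at/above threshold
    expired: list = field(default_factory=list)          # acceptance lapsed, still at/above threshold
    accepted: list = field(default_factory=list)         # covered by a live risk acceptance
    below_threshold: list = field(default_factory=list)  # reported, but does not fail the build

    def build_passes(self) -> bool:
        return not self.blocking and not self.expired


def parse_report(raw: str) -> list:
    """Parse the constructed report format and drop exact duplicates, preserving order."""
    seen, out = set(), []
    for f in json.loads(raw)["findings"]:
        finding = Finding(f["rule"], f["severity"].lower(), f["file"], int(f["line"]))
        if finding not in seen:
            seen.add(finding)
            out.append(finding)
    return out


def triage(findings, accepted_risks, today: str, fail_on: str = "high") -> Triage:
    """Bucket findings. accepted_risks maps fingerprint -> expiry date (ISO string)."""
    threshold = SEVERITY_RANK[fail_on]
    today_d = date.fromisoformat(today)
    result = Triage()
    for f in findings:
        fp = f.fingerprint()
        if fp in accepted_risks and date.fromisoformat(accepted_risks[fp]) >= today_d:
            result.accepted.append(f)
            continue
        # Unknown severity labels fail closed: treat them as the highest rank.
        rank = SEVERITY_RANK.get(f.severity, max(SEVERITY_RANK.values()))
        blocks = rank >= threshold
        if fp in accepted_risks and blocks:
            result.expired.append(f)  # acceptance lapsed; must be re-reviewed, not silently kept
        elif blocks:
            result.blocking.append(f)
        else:
            result.below_threshold.append(f)
    return result


if __name__ == "__main__":
    findings = parse_report(SAMPLE_REPORT)
    # Hypothetical accepted-risk register: the SQLi finding was reviewed and accepted until 2099.
    register = {findings[0].fingerprint(): "2099-01-01"}
    t = triage(findings, register, today="2024-01-01", fail_on="high")
    for name in ("blocking", "expired", "accepted", "below_threshold"):
        print(name, [f.rule for f in getattr(t, name)])
    raise SystemExit(0 if t.build_passes() else 1)
```

Keying the accepted-risk register on a content fingerprint rather than the scanner’s run-specific finding ID is what lets the program survive re-scans, and giving each acceptance an expiry is what turns a one-off suppression list into something that gets revisited.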
Use this talk on vulnerability management as a way to jumpstart your team down the road of learning application security concepts.