About Reeny Sondhi

Reeny Sondhi is Director, Product Security Assurance at EMC Corporation. She is responsible for driving the strategy and execution of EMC’s software security program including EMC’s Security Development Lifecycle, a company-wide initiative to build secure products. She also leads EMC’s common security engineering technologies and the EMC Product Security Response Center, which is responsible for managing and resolving security vulnerabilities in EMC products. Additionally, she has responsibility to lead the security certification strategy and program for EMC products. More ...

Impact of the OpenSSL Heartbleed vulnerability on EMC products

The Heartbleed vulnerability (CVE-2014-0160) affects the popular OpenSSL cryptographic software library used to secure internet communication. Following the release of this OpenSSL vulnerability, we immediately initiated a review of EMC Information Infrastructure and RSA products to assess any potential impact. Continue reading

How Product Security Protects & Enables Our Customers to Move the Ball

78460200As a sports fan, I have a tendency to compare sports with my daily job. In the case of American football (apologies to readers who don’t follow), I always compare the role of the offensive line in protecting and supporting their quarterback to make plays to the role product security plays in protecting and enabling our customers to do business. 

During the playoffs I am amazed at how success depends on strategy and specifically how offensive plays called by a coordinator create a successful line to protect the quarterback. A lack of a good offensive line creates risks for the quarterback just as lack of product security can create risks for our customers and make them vulnerable: Continue reading

DevOps & Application Security: People You Need to Know

Eric Baize, Senior Director of the Product Security Office, was recently featured in the Trusted Software Alliance’s 50 in 50 Interview Series along with other stalwarts from the DevOps & Application Security world.

Eric talks about the importance of incorporating software security as part of software programming curricula at universities. He also highlights the importance of software security processes and practices as part of the development lifecycle and the various maturity levels software vendors are at when it comes to applying these practices. Eric covers how vendors and buyers need to work together to make sure that the right software development practices are being applied on the products being procured. Towards the end of the interview he also covers security trends that he believes we will see in the near future.

 Review the list and listen to his interview at: http://trustedsoftwarealliance.com/resources-surveys-and-papers/devops-and-application-security-infographic/

Software Security at EMC: The Journey So Far

As the lead of the Product Security Assurance team at EMC, I am often asked to talk about our software security practices. While previously we have shared our practices with industry presentations, SAFECode papers, etc., I thought now is as good a time as ever to write a blog post to discuss software security evolution at EMC.

Continue reading

EMC’s Approach to Vulnerability Response

Let’s face it – real software products have security vulnerabilities! While building strong secure software development practices goes a long way towards detecting and helping to eliminate security vulnerabilities during the development process, a strong product security program also needs to be prepared to properly handle and respond to security vulnerabilities found in the product after it has shipped. Continue reading