Eric Baize, Senior Director of the Product Security Office, was recently featured in the Trusted Software Alliance’s 50 in 50 Interview Series along with other stalwarts from the DevOps & Application Security world.
Eric talks about the importance of incorporating software security as part of software programming curricula at universities. He also highlights the importance of software security processes and practices as part of the development lifecycle and the various maturity levels software vendors are at when it comes to applying these practices. Eric covers how vendors and buyers need to work together to make sure that the right software development practices are being applied on the products being procured. Towards the end of the interview he also covers security trends that he believes we will see in the near future.
Review the list and listen to his interview at: http://trustedsoftwarealliance.com/resources-surveys-and-papers/devops-and-application-security-infographic/
As the lead of the Product Security Assurance team at EMC, I am often asked to talk about our software security practices. While previously we have shared our practices with industry presentations, SAFECode papers, etc., I thought now is as good a time as ever to write a blog post to discuss software security evolution at EMC.
Let’s face it – real software products have security vulnerabilities! While building strong secure software development practices goes a long way towards detecting and helping to eliminate security vulnerabilities during the development process, a strong product security program also needs to be prepared to properly handle and respond to security vulnerabilities found in the product after it has shipped. Continue reading
In the Product Security Office, we often get questions from developers across the industry on how to apply EMC’s Security Development Lifecycle to an Agile development model. Software security practices have been traditionally considered as suitable for serial waterfall development methodologies and there has been a lot of debate in the industry on how to bring the best out of these practices to incorporate in today’s more iterative, agile development methodologies that are increasingly popular especially in the new cloud based, big data centric business models.