Reeny Sondhi is Sr. Director, Product Security Engineering at EMC Corporation. She is responsible for driving the strategy and execution of EMC’s software security program including EMC’s Security Development Lifecycle, a company-wide initiative to build secure products. She also leads EMC’s common security engineering technologies and the EMC Product Security Response Center, which is responsible for managing and resolving security vulnerabilities in EMC products. Additionally, she has responsibility to lead the security certification strategy and program for EMC products. More ...
As the lead of the Product Security Assurance team at EMC, I am often asked to talk about our software security practices. While previously we have shared our practices with industry presentations, SAFECode papers, etc., I thought now is as good a time as ever to write a blog post to discuss software security evolution at EMC.
Let’s face it – real software products have security vulnerabilities! While building strong secure software development practices goes a long way towards detecting and helping to eliminate security vulnerabilities during the development process, a strong product security program also needs to be prepared to properly handle and respond to security vulnerabilities found in the product after it has shipped. (more…)
In the Product Security Office, we often get questions from developers across the industry on how to apply EMC’s Security Development Lifecycle to an Agile development model. Software security practices have been traditionally considered as suitable for serial waterfall development methodologies and there has been a lot of debate in the industry on how to bring the best out of these practices to incorporate in today’s more iterative, agile development methodologies that are increasingly popular especially in the new cloud based, big data centric business models.
The opinions and interests expressed on EMC employee blogs are the employees' own and do not necessarily represent EMC's positions, strategies or views. EMC makes no representation or warranties about employee blogs or the accuracy or reliability of such blogs. When you access employee blogs, even though they may contain the EMC logo and content regarding EMC products and services, employee blogs are independent of EMC and EMC does not control their content or operation. In addition, a link to a blog does not mean that EMC endorses that blog or has responsibility for its content or use.