Posts Tagged ‘product security assurance’

How Product Security Protects & Enables Our Customers to Move the Ball

Reeny Sondhi


Reeny Sondhi is Sr. Director, Product Security Engineering at EMC Corporation. She is responsible for driving the strategy and execution of EMC’s software security program including EMC’s Security Development Lifecycle, a company-wide initiative to build secure products. She also leads EMC’s common security engineering technologies and the EMC Product Security Response Center, which is responsible for managing and resolving security vulnerabilities in EMC products. Additionally, she has responsibility to lead the security certification strategy and program for EMC products.

As a sports fan, I have a tendency to compare sports with my daily job. In the case of American football (apologies to readers who don’t follow), I always compare the role of the offensive line in protecting and supporting their quarterback to make plays to the role product security plays in protecting and enabling our customers to do business.

During the playoffs I am amazed at how success depends on strategy and specifically how offensive plays called by a coordinator create a successful line to protect the quarterback. A lack of a good offensive line creates risks for the quarterback just as lack of product security can create risks for our customers and make them vulnerable: (more…)

Software Security at EMC: The Journey So Far

Reeny Sondhi


As the lead of the Product Security Assurance team at EMC, I am often asked to talk about our software security practices. While previously we have shared our practices with industry presentations, SAFECode papers, etc., I thought now is as good a time as ever to write a blog post to discuss software security evolution at EMC.

(more…)

Secure Product Deployment: A Team Sport

Eric Baize


Eric Baize is Senior Director of the Product Security Office at EMC Corporation. He leads the Product Security Office with company-wide responsibility for product security and supply chain assurance, covering vulnerability response handling, security development lifecycle implementation, supply chain risk management, coordination of security certifications and integration of RSA technology in EMC products and solutions.

Year after year, studies such as the Verizon Data Breach Investigation Report show software vulnerabilities and misconfiguration among the main data breach causes. At EMC, we operate under the assumption that securing a product in a customer environment is a team sport between the product vendor and the customer deploying the product. The vendor plays a greater role upstream with a focus on adopting secure development practices and in properly handling and responding to vulnerabilities reported on the product. The customer takes the baton from the vendor and plays a larger role downstream by taking the necessary steps to securely deploy and maintain the product. (more…)

Open Group’s New Open Trusted Technology Provider Standard: How Trustworthy are Your Products?

Eric Baize


The English saying “You are what you eat”, just like many other aspects of culinary history, has its origin in France and more precisely from Jean Anthelme Brillat-Savarin’s “The Physiology of Taste: Or Meditations on Transcendental Gastronomy” who first wrote

“Tell me what you eat, and I shall tell you what you are.”

In French: “Dis-moi ce que tu manges, je te dirai ce que tu es.”

This week’s release by the Open Group of the Open Trusted Technology Provider Standard (O-TTPS) subtitled “Mitigating Maliciously Tainted and Counterfeit Products” (more…)

SAFECode Welcomes Howard Schmidt

Eric Baize


Today, SAFECode announced the appointment of Howard Schmidt as its new Executive Director. At a time when Cybersecurity has become a top priority for governments in the US and around the world, Howard’s experience and reputation will help SAFECode be more effective in promoting proven software assurance practices across the industry and with governments across the world. (more…)