046 – ‘We’re Not Getting Better’ When it Comes to Application Security
The central idea behind DevOps is speed: the speed of development, and the speed of delivering and integrating that software into the organization’s operations. This is a good thing.
But of course, it’s not all good. As Joseph Feiman of WhiteHat Security says, “With DevOps, developers are introducing even more vulnerabilities than before.” He says the application security posture isn’t improving, and this calls for action.
Feiman dives into this topic with ActualTech Media’s James Green on this episode of “10 on Tech.” Find out why Feiman says “We’re not getting better,” and that what’s needed now is “DevSecOps.”
Highlights of the show include:
- The top application vulnerabilities, and why they haven’t changed since 2010
- How long it takes companies to fix critical vulnerabilities like SQL injection attacks
- What DevSecOps means in practice
- The right time in the development cycle to start applying security measures
- What businesses should be focusing on going forward in application security
Resource links from the show:
WhiteHat Security — https://www.whitehatsec.com/
Joseph Feiman biography — https://www.whitehatsec.com/company/leadership/joseph-feiman/
DevSecOps Manifesto — https://www.devsecops.org/