Countless software applications are hacked daily, whether through a social engineering attack where the hacker covertly tricks an individual, a broad blast phishing attack, or a brute force attack where the hacker goes straight after vulnerabilities in an application. Attacks that target these types of vulnerabilities are more formally called “zero-day” attacks.
Zero-day attacks are terrifying since it’s not always obvious to an organization that deploys an application that the software itself has these vulnerabilities. We have all heard stories of well-known products and systems that we use every day being hacked, from Slack to Netgear to the well-known Yahoo! story. But who can blame them? Even security companies that make security their business have been hacked: Kaspersky back in June 2015, LastPass in 2015 as well, and Bitdefender and Cyberoam in 2016. It’s now table stakes that every company developing an application has to embed security into its development efforts.
In Netgear’s case, they even went so far as to put a $15,000 bounty up for grabs for hackers who could find flaws in their software. As application developers become the new front line of cybersecurity, they need to insert security deeply into every application that they produce. This has caused a new trend to emerge over the years: Development Security Operations (DevSecOps). To get an inside look at this trend, we invited an industry thought leader, Alan Shimel, to discuss DevSecOps with us at RSA.
As Editor-in-Chief of DevOps.com, Alan Shimel is attuned to the world of technology. Alan has founded and helped several technology ventures, including StillSecure, where he guided the company in bringing innovative and effective networking and security solutions to the marketplace. Alan is an often-cited personality in the security and technology community and is a sought-after speaker at industry and government conferences and events. In addition to his writing on DevOps.com and Network World, his commentary about the state of technology is followed closely by many industry insiders via his blog and podcast, “Ashimmy, After All These Years” (www.ashimmy.com).
Listen to the full podcast here and hear about today’s cyber threats: