If great software is secure software, why are there still so many vulnerabilities? Don’t architects and developers want to build great systems? Software teams today must move fast to compete in the marketplace. They need to inherit functionality, scale, and performance. Can they inherit security as well?
As defenders, it is our job to make this inheritance possible. Ideally, security inheritance is transparent and inescapable. Chris Wysopal details how defenders can enable developers to create secure software through coaching, shared code, and services.
Chris Wysopal is cofounder and CTO of SaaS application security company Veracode, which was recently acquired by CA Technologies. Chris is one of the original vulnerability researchers and a member of the hacker think tank the L0pht. He has testified on Capitol Hill on the subjects of government computer security and how vulnerabilities are discovered in software. Chris published his first security advisory in 1996 on parameter tampering in IBM’s Lotus Notes and has been trying to help people not repeat this type of mistake for 20 years. He is also the author of The Art of Software Security Testing (Addison-Wesley).
©2017, O'Reilly Media, Inc.