From my experience all software developers are now security engineers whether they know it, admit to it or do it. Your code is now the security of the org you work for. #GoldenAgeOfDefense
Hey Jim, what’s your opinion on security champions? Any experience with that concept?
I think it’s fundamental, especially in big companies where devs massively outnumber AppSec staff. Identifying, promoting and supporting devs who deeply understand security and communicate well with other devs on security - is fundamental to good AppSec programs!
Thanks :) from my experience it’s not that easy to persuade decision makers into freeing up resources for this, but I’m also convinced that it’s an important way to transport the message of implementing security at all stages.
The only time I struggle to persuade decision makers to support security champions is when an AppSec program is in shambles in the first place. If I was to start a program where dev security was a mess, I’d start with DevOps style scanning and developer education.