From my experience all software developers are now security engineers whether they know it, admit to it or do it. Your code is now the security of the org you work for. #GoldenAgeOfDefense
Hey Jim, what’s your opinion on security champions? Any experience with that concept?
I think it’s fundamental, especially in big companies where devs massively outnumber AppSec staff. Identifying, promoting and supporting devs who deeply understand security and communicate well with other devs on security - is fundamental to good AppSec programs!
Thanks :) from my experience it’s not that easy to persuade decision makers into freeing up resources for this, but I’m also convinced that it’s an important way to transport the message of implementing security at all stages.
The only time I struggle to persuade decision makers to support security champions is when an AppSec program is in shambles in the first place. If I was to start a program where dev security was a mess, I’d start with DevOps style scanning and developer education.