This year’s SOURCE Boston gave us a chance to sit down and talk appsec with Josh Corman, Akamai Technologies’ Director of Security Intelligence. Our three part video interview primarily focused on enterprise level application security, with part one concentrating on important decisions facing organizations that are purchasing software and implementing application security programs. The video and a brief overview of Josh’s responses are below. Stay tuned for parts two and three!
What factors should organizations consider when buying software?
Josh outlines the true cost of procuring software for businesses and discusses the most important factors that organizations must weigh in purchasing and implementing software. He also outlines where the responsibility for making software procurement decisions should fall within an organization.
How can enterprises be smarter about security?
Josh discusses the need for enterprises to “work smarter” in their efforts to mitigate security risks. He recommends targeting vulnerabilities based on the level of threat posed by each. He also describes the common shortcomings of appsec programs that focus too narrowly on individual flaws rather than their root causes.
Incorporating principles of a defensible security program into software development
Josh uses some real-life examples to depict different approaches used by companies that are successfully building security into their software development processes. In doing so he emphasizes the importance of education and peer recognition in creating effective security programs.