Skip to main content
December 10, 2013

Video Interview with the CISO of Aetna, Jim Routh

Businesses run on software; it gives us the features and functions needed to make our teams more productive. In order to get those features and functions, we turn to third party software suppliers for the latest and greatest. However, these software suppliers that produce these nifty applications need to apply the same software security measures enterprises use for their internal software development. Unfortunately, too few enterprises have taken the steps necessary to understand the approach these software suppliers are taking for software security.

In an effort to address this issue, a group of leading banks, insurance, and mortgage companies including Morgan Stanley, Citi, Goldman Sachs, RBS Citizens, Thomson Reuters, Aetna, and many others have proposed controls types which enterprises can integrate into their vendor governance program to better understand the security of their vendor-supplied software. To learn more about these control types, download the whitepaper, “Appropriate Software Security Control Types for Third Party Service and Product Providers.”

In the below video, Jim Routh, CISO of Aetna and a member of the group that designed these recommendations, describes why this issue needs to be addressed and discusses the intend and purpose for each of the three controls.

For more commentary and critical analysis of the controls proposed by FS-ISAC by Jim Routh, Wendy Nather, and Chris Wysopal register here.

Related Content

Senior Product Manager for Veracode’s application security platform including reporting, analytics and API feature sets as well are Veracode’s technology evolution from a monolithic architecture into MicroServices. Anne partners with Veracode customer’s to manage application security risk through new product features and functionality while enabling Veracode’s best in class scanning technologies.

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.