There are a growing number of application security-related conversations – conversations around paralyzing breaches, increasing regulations, and risky open source code. Many of these conversations occur in small groups, resulting in action items for stakeholders who are often not involved in the conversation. How can those conversations include the voices of all the different stakeholders of application security – those who are accountable and impacted?
The 9th annual State of Community Management (SOCM) report released in 2018 by The Community Roundtable confirmed that communities are change agents for dispersing knowledge, sharing information, and, most importantly, enabling conversations across organizations, among peers, and with subject-matter experts. One significant recommendation of that research was for communities to play a greater role in functions where sharing of information is critical. As I begin responding to the 2019 SOCM survey, I see how each stakeholder within our customer base has begun to participate in the application security conversation, and I see how these conversations can directly influence the speed at which organizations secure their software.
Online tutorials, technical support, and customer success teams (Security Program Managers at Veracode!) provide excellent guidance on resolving challenges and building execution strategies. However, those conversations specifically help you, help your organization, and help your strategy. The Veracode Community is a valuable part of this resource mix and includes your peers in those conversations – your peers who have experienced similar challenges and countless failures, and found their best practice. That best practice could be your best practice. These conversations can begin with a “how do I” question, a “why is this happening” question, or a “who else has experienced this” question. We have an opportunity to build a global conversation on application security and each step toward secure software.
Perhaps as the security practitioner in your organization, the conversation is understanding how best to structure your program.
As the developer or manager of a development team, it’s understanding the impact on your software development process, ways to minimize that impact, and ways to get ahead of the flaws found in the code.
As a product manager, it’s understanding the value of adding this extra step – application security – in getting your product to market.
As a marketing executive, it’s understanding the value of including the security of your product in your company message.
As the company executive, it’s understanding the value of the investment in application security.
In what part of the application security conversation will you participate?
The Veracode Community enables these conversations, captures our customers’ ideas to drive product advancement, and supports your application security needs. Click here to see the features of the Veracode Community that will springboard your participation in the application security conversation and support your efforts.