Paul Kraus, CEO of Eastwind Networks, and 25 other executives spoke with DZone journalist Tom Smith about how the cybersecurity landscape is changing.
Here are a few highlights, but check out the complete list at DZone:
- 1) Incorporate security into design reviews. Secure peer code reviews are tremendous learning opportunities for developers. Take the time to do them.
  2) Include a suite of security tests.
  3) Secure code review increases the level of capability to see the little tricks that take shape. Understand security metrics the same way you understand performance metrics.
  4) Be mindful of user sessions or behavior for which you want to evoke security requirements.
  5) Don’t grab code from StackOverflow and put it into production. Test it first! Cost of a software bug: $100 when initially coded, $1,500 in QA, $10,000 in production.
- 1) Developers need to bring security testing to the earliest possible stages of development, pushing it into the design and development phases rather than leaving it until right before deployment. Focusing on security throughout the development process, beginning when a piece of code is written, means the code gets tested for quality and security at the same time, with feedback arriving within minutes or hours. This means code can be released more quickly.
  2) Developers also need to create, keep, and maintain a list of recommended software frameworks and components that security teams and developers can and should use. This can give teams a better way to visualize their work, providing a strong support system and giving solid feedback in a short timeframe to keep frameworks up to date.