A CISO having a bad day finds out the hard way that cutting corners on software security testing might end up costing him more than he saved.
Have you ever had one of those days? Not just a waking-up-on-the-wrong-side-of-the-bed morning, but one of those soul-sucking, I-hope-the-earth-swallows-me-alive days?
Meet Alex, the CISO (chief information security officer) at a mobile app startup FilmFestFun. Alex is having a very bad day. In the run-up to his company launching their new app, everything that could go wrong has gone wrong—and then some.
The train’s late. The build keeps failing. The pen tester finds hundreds of bugs. Alex tries explaining to CEO Kayla that releasing an app with critical vulnerabilities is a very bad move. But she’s not having any of it. FilmFestFun has already spent millions on that night’s launch party, and she wants the app now.
How CISOs can make every day a great day with software security
Alex’s very bad day could have been a very good day—if only FilmFestFun had used the right software security tools and methodologies.
- Application security training integrated directly into the developers’ workflow
- An assessment of their software security initiative to identify gaps and address risk management goals
- A software composition analysis tool that allows legal, procurement, and development teams to manage open source licenses and vulnerabilities together
- Threat modeling and architecture risk analysis to find security weaknesses early in the software development life cycle (SDLC) to reduce attack susceptibility and rework
- Interactive application security testing to find quality and security issues at the same time and with immediately verified results
- An SDLC that builds security in from the beginning, so vulnerabilities don’t bury you at the end
Our new comic book is a quick guide to software security for CISOs. Find out what happens when one CISO finds himself in a race against the clock—and hackers.
*** This is a Security Bloggers Network syndicated blog from Software Integrity Blog authored by Derek Handova. Read the original post at: https://www.synopsys.com/blogs/software-security/software-security-cisos/