Bryan Batty is the Director of Product and Infrastructure Security at Bloomberg Industry Group, a subsidiary of Bloomberg L.P., the news organization behind the Bloomberg terminal. Bloomberg Industry Group’s focus is on legal, tax, and accounting news, and on tax and accounting software.
Batty runs the product security and infrastructure security teams, working closely with developers and the infrastructure teams to make sure that what is put into production, and into operations, is done in a secure manner. That includes looking for known vulnerabilities within their existing infrastructure.
We caught up with Bryan in January to talk about the process of software development at Bloomberg Industry Group, and specifically the management of their software supply chain, in this four-part conversation. This is Part One.
“If you start out with a tool like Sonatype’s Nexus Lifecycle, it’s going to work out well. You’ll know immediately the version of a component, whether it has a license that you want to use, or if it has known vulnerabilities. Nexus Lifecycle knows which component versions are free from known vulnerabilities, and when security issues are discovered, it knows what the vulnerabilities are.” — Bryan Batty
I got my bachelor’s degree in 2006, and wanted to be a developer, to build stuff. I really enjoyed it. If security hadn’t come along and grabbed me, I would still be very happy building new software and tools. I got into security very shortly after I started in my career. I was attending a Microsoft conference and there was a session on SQL injection. I was just shocked at how easy it was to do that.
So after my jaw dropped, I thought about the code that I had been writing. I said, “Oh, I better go back and fix it.” I hacked myself (Read more...)
*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Katie McCaskey. Read the original post at: https://blog.sonatype.com/nexus-innovator-bryan-batty-of-bloomberg-industry-group-part-1-of-4