Okay, so let's get to why I am here. my goal is to focus on areas that I might know less about and can see actionable efforts in areas I can be effective (and again, look for things I can use that don't require permission or money from my company to put into play).
Dr. Joye Purser is the Global Lead for Field Cybersecurity at Veritas Technologies. Walter Angere is Senior Vice President for Engineering at Veritas and co-author of the paper. To be clear Dr. Purser is the one delivering the talk.
Creating secure software involves a lot of moving parts. So says someone who labels herself as "at the forefront of global data protection."
High-profile security incidents are increasing and the critical nature of secure software development is needed more than ever. Because of high-profile cases that end up in the news regularly, Dr. Purser shared her journey and experiences with Veritas, a well-established data protection company. She shared their journey of ensuring software security.
Veritas has a seven-step SecDevOps process, demonstrating how they aim to control and secure software at every stage.
1. Design and Planning: Building security in from the outset, not bolting it on as an afterthought.
2. Threat Modeling: Identifying potential threats and mitigating them before they can become problems.
3. Code Analysis: Veritas uses advanced code analysis tools to identify vulnerabilities early in the process.
4. Automated Testing: Leveraging automation to continuously test for weaknesses.
5. Chaos Engineering: Veritas has a system called REDLab, which simulates failures and tests the system’s robustness under stress.
6. Continuous Monitoring: Ensuring that the software remains secure throughout its lifecycle.
7. Incident Response: Being prepared to respond quickly and effectively when issues do arise.
A little more on chaos engineering. This technique actively injects failures and disruptions into the system to see how it responds, with the idea that systems are only as strong as their weakest points under pressure. Veritas' REDLab is central to this effort, putting systems under tremendous stress with controlled chaos experiments. The result is a more resilient product that can withstand real-world failures
Veritas also focuses on ways to validate and verify that code generation is done securely, along with a variety of ways to stress test software during multiple stages of the build process. The talk also touched on the importance of keeping technical teams motivated. Including examples of role-playing scenarios, movie stars, and innovative content ads a touch of fun and can help keep development teams engaged.
As technologies evolve, so do the techniques required to keep software safe. Security is needed at every stage of the software development lifecycle. Using techniques like chaos engineering along with creative team engagement has helped Veritas stay at the front of secure software development.
No comments:
Post a Comment