- Do you review security at each phase of the software development life cycle?
- What methodologies do you use for security testing your products?
- Do third parties conduct security assessments on your products?
- Do you have security squads that attack your products prior to release?
- Do you use automated tools for security testing or code review?

For those of you out there with products which have access to your customers' networks and data: get yourself a roadmap for developing the skills in your organization so that you can credibly answer these questions well. Educate your management to get the funding and time required. We've gotten away with some amazingly casual attitudes towards protecting our customers, but those days are rapidly vanishing.