Friday, 1 November 2013

The Big Debate: Are you making the right decisions to secure your code?


Stephen Bonner, Partner, Information Protection, KPMG
Tim Holman, President of the ISSA UK Chapter
John Jacott, Security Practice Leader, Coverity
Jolyon Clulow, Director IT Security - Strategy, Architecture & Application Secuirty, Deutsche Bank


Paul Fisher, ex Editor of SC Magazine

Questions for the Panel:

1. Disconnect between Professional Security and Developer when it comes to delivering security code. Why there is a gap?

2. Isn't it he case that security professional have been historically focussed on network security perimeter control? Do we need more education around application security and secure coding?

3. Developers are not perceived to be security professionals .... Why should they care about fixing security defects in code?

4. How efficient is it to employ security auditing to remove security vulnerability from an application? Is there a more optimization way? How might this look?

5. Why aren't developers using security tools that have been licensed to business so as to mitigate application & code defects? Why there is push back?

Please post your comments to the questions above

No comments: