Stephen Bonner, Partner, Information Protection, KPMG
Tim Holman, President of the ISSA UK Chapter
John Jacott, Security Practice Leader, Coverity
Jolyon Clulow, Director IT Security - Strategy, Architecture & Application Secuirty, Deutsche Bank
Paul Fisher, ex Editor of SC Magazine
Questions for the Panel:
1. Disconnect between Professional Security and Developer when it comes to delivering security code. Why there is a gap?
2. Isn't it he case that security professional have been historically focussed on network security perimeter control? Do we need more education around application security and secure coding?
3. Developers are not perceived to be security professionals .... Why should they care about fixing security defects in code?
4. How efficient is it to employ security auditing to remove security vulnerability from an application? Is there a more optimization way? How might this look?
5. Why aren't developers using security tools that have been licensed to business so as to mitigate application & code defects? Why there is push back?