RSAC Fireside Chat: StackHawk helps move the application security needle to ‘shift everywhere’

By Byron V. Acohido

Embedding security into the highly dynamic way new software gets created and put into service — on the fly, by leveraging ephemeral APIs — has proven to be a daunting challenge.

Related: The fallacy of ‘security-as-a-cost-center’

Multitudes of security flaws quite naturally turn up – and threat actors have become adept at systematically discovering and exploiting these fresh vulnerabilities.

As RSA Conference 2023 gets underway next week at San Francisco’s Moscone Center, advanced application security and API security tools and practices are grabbing a lot of attention.

I had the chance to visit with Scott Gerlach, chief security officer and co-founder of StackHawk, a Denver-based software company launched in 2019 to join the phalanx of vendors innovating like crazy to dial in meaningful code checks, in just the right measure, at just the right moment.

Guest expert: Scott Gerlach, CSO, StackHawk

We had a great conversation about how the venerable “shift left” security philosophy is being refined so that it better aligns with the way software gets developed today – at light speed. This has led to security vendors, StackHawk among them, putting great energy into weaving security more tightly into DevOps, CI/CD and more.

“Shift left still applies because you do want to get security processes into the left side where you design, develop, test and deploy,” Gerlach told me. “But it’s really about how can we get security information closer to the people who are writing code, changing code and fixing code.”

In short, “shift everywhere” is the new “shift left.” For a full drill down, please give the accompanying podcast a listen. I’ll keep watch and keep reporting.

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


(LW provides consulting services to the vendors we cover.)

April 20th, 2023 | For technologists | Podcasts | RSA Podcasts | Top Stories
