In this Brand Story episode, hosts Marco and Sean have a thought-provoking discussion with Peter Klimek from Imperva about the concept of "shift left" in application security. Have we gone too far?
The conversation revolves around the challenges and benefits of identifying vulnerabilities earlier in the software development lifecycle and the need for collaboration between development and security teams. Peter emphasizes the importance of finding a balance between tools and human expertise in addressing vulnerabilities. He highlights the common issue of organizations having a backlog of vulnerabilities that need to be fixed, rather than a problem of finding vulnerabilities—it's "easy" to find them, harder to fix them all.
The conversation also touches on the measurement of closure velocity and the significance of development team velocity as a core metric in application security. They discuss the role of APIs, platform engineering, and infrastructure as code in improving collaboration, automation, and trust in systems.
Peter draws a parallel between guardrails on a highway and the need for guardrails in application security, emphasizing the importance of providing development teams with time to address critical vulnerabilities. They also explore the challenges of coordinating multiple teams and the role of operations in orchestrating the development and security processes.
They also discuss the need for a defensive mindset and the importance of using the guardrails Peter describes to keep fatal vulnerabilities from reaching production, emphasizing collaboration, measurement, and a balance between development and security teams as the ingredients of an effective shift left practice.
The episode provides valuable insights into the nuances, challenges, and benefits of integrating shift left practices into application security, while emphasizing the need for collaboration, balance, and the ethical use of tools.
Note: This story contains promotional content.
Guest: Peter Klimek, Director of Technology - Office of the CTO at Imperva [@Imperva]
On LinkedIn | https://www.linkedin.com/in/peter-klimek-37588962/
Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
DevOps Research and Assessment (DORA): https://dora.dev
2023 Imperva Bad Bot Report: https://itspm.ag/impervv0sg
47.4% of internet traffic wasn’t human in 2022! Get the research from @Imperva to learn how bots are taking over the internet.
The Impact Of Log4j Since Its Disclosure | Steps Businesses Can Take To Maintain Software Supply Chain Security:
From Enrolling In College To Gambling, Traveling, And Shopping, Evasive Bad Bots Are A Major Source Of Online Fraud | The Bad Bot Report 2022 | An Imperva Brand Story With Ryan Windham:
Catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story