Jim Manico and Scott Kuffer's RSA Conference 2022 Talk – Five Challenges Facing AppSec Teams at Large Enterprise and How to Solve Them

I've been an author, an investor in security companies, and an educator for many years. This is not about me and my exits, it's about why I invested in Nucleus and what I saw in them. I was one of the principals at WhiteHat Security that sold to NTT. I was part of Brakeman Pro and sold that to Synopsys. I was part of Signal Sciences, the original investor, and it's been sold to Fastly. I was an investor in SecureCircle via CrowdStrike, and I recently sold Bit Discovery to Tenable. It's about what do I see in these companies that makes me want to invest in them? So, I want to talk about that in just a few minutes, but let's talk about the problem first of all.

Most security problems you're looking at, it's in software. You have a firewall problem? Well, that's because of the software in that firewall and similar. So software security, application security, it's eating the whole world right now. You have security errors in the custom code built by your developers, one of the biggest problems. You have security errors in the third-party libraries that you use every day. You have security configuration errors in the frameworks and cloud services that you use today, and this is not an easy problem to solve by any stretch of the imagination. The cloud services do the best they can, and the third-party library developers don't want security bugs, but they happen, and they happen a lot. That's leading to security fragility across the entire software ecosystem that runs the world today.

Now let's say that your decision is you want to fix these security bugs. We want to identify and fix security bugs in the software that we care about. Every study I have ever looked at when it comes to fixing bugs will show you that the longer you wait to fix a security bug, from idea, to development, to production, the cost to fix that bug increases exponentially. That's not one study, that's any study ever done on the cost of fixing bugs.

So, here we have Security Boulevard, some recent statistics. One-third of all applications have a serious to critical bug. Think about all the software that you use and depend upon every day. Not even in business, just in your personal life. At the beginning of 2021, 86% of technical respondents told us that their security teams and their developers have no meaningful communication. Next slide. How much data are you giving the apps that you use every day, and one-third of them have some kind of critical vulnerability that affects your security and privacy? And we see that 56% of the biggest incidents in the last five years were because of web applications and software services that your company depends upon.