First, “we take a backwards approach to product development. This means we start by understanding our customers’ needs and build our products around them. From the design stage onward, our security and product teams work together to ensure that our products meet our customers’ safety expectations.”
The next step is to sit down with the scientists, work through their priorities, and figure out who handles which part of the defense. “Part of our mantra is that we bring in security experts early in the process, so they can be part of the design and product teams and collaborate more, instead of dealing with security later in the development process,” Herzog tells CSO.
This last point is sadly all too common at other companies, because it puts security at odds with product development. “This means that the security update is doing a code scan to find and fix things at the last minute,” he said. “Instead, we do scans throughout the coding lifecycle. Although this is difficult to do, it provides a positive feedback loop and produces better and faster results and has the added benefit of having the security team feel part of the development process as another developer,” rather than having a specific control point that can be set up in the opposite direction. “Our goal is to communicate early and often with the product team.” Call it the Chicago voting style of security management.