DevOps East 2017 - DevOps Security

The bad guys don't break in through the highly secure bank vault door; they attack the crumbly bricks and mortar of the vault walls. The same is true for application security. The vast majority of incidents don't target security features like encryption, authentication, and authorization. Rather, the target is vulnerabilities in the boring, non-secure parts of the code. In many organizations, the security function is still largely thrown-over-the-wall, but things are changing. Larry Maccherone believes we cannot prevent the vast majority of incidents with a bolt-on approach to security. We...