General Meeting: April 2019 - Software Security
Many recent major security breaches can be linked to a software vulnerability, either left unpatched or a zero day, that made the attacker's job easier. Yet, we do not put the developer at the center of our cybersecurity strategy. With DevOps becoming mainstream, and with tens of millions of developers creating code for all kinds of software-enabled devices, mobile apps and cloud services, it is time to expand the fight against advanced threats to include the developer community and its ecosystem.
Developing secure code at scale will require expanding the security conversation beyond developers. This talk will challenge the entire software ecosystem to play its part in building more secure software and delivering software security at scale. Learning from the collected real-world experience of large development organizations, we will review short-term strategies for organizations to adopt a secure software development process. For the longer term, we will discuss the drastic changes required in how we teach, develop, test, govern and purchase software-based products to permanently change the software culture and deliver software security at scale.
Eric Baize, Vice President, Product & Application Security – Dell & Chairman, SAFECode
Eric Baize leads the Dell Product & Application Security organization and is responsible for driving enhanced security practices into the lifecycle of all Dell products and internally developed cloud and IT applications. Eric joined Dell through its merger with EMC, where he built EMC’s highly successful product security program from the ground up. Eric also serves as the Chairman of SAFECode, an industry-led non-profit organization dedicated to advancing software and supply chain security best practices. He holds multiple U.S. patents and has authored international security standards.