AppSec for 2020
Updated: Mar 19, 2020
Most organizations are building applications in 2020, and if yours isn't, don't worry: either you have a partner building applications for you or you will otherwise be developing apps.
This is because applications are easier than ever to build (or outsource), and they provide information faster and with less effort than hiring a team of people to manually collect, analyze, and disseminate it.
The problem is that applications introduce risk into organizations.
It is widely accepted that segregation of duties is an effective strategy to mitigate risk. We can see this in many areas across industry:
Accounting Departments and Auditors
Sales Teams and Contracts
Product Development and Product Testing
However, when it comes to software, many organizations slip. The developers who write the code are the same people who push it live and maintain it... thereby introducing great risk.
Why great risk?
Hackers are savvy. Code that isn't written securely can be easily hacked and manipulated... and most code is not written securely. The difference between writing code and writing code securely is like the difference between writing a document and writing a legal document: both are documents, but you would only want to sign a contract with one of them.
Let's make 2020 the year of Application Security, protecting apps and critical data so that our organizations can accelerate growth and we can gain the market lead we are looking for.
