Application Security , Events , Next-Generation Technologies & Secure Development

Why App Security Should Shift Everywhere, Not Just Left

Checkmarx CEO Sandeep Johri on Securing Applications in the Development Stage
Sandeep Johri, CEO, Checkmarx

Organizations are faced with the security challenges presented by the combination of custom and open-source code. Sandeep Johri, CEO of Checkmarx, suggests treating all open-source code as an unknown source and conducting security checks using software composition analysis to identify vulnerabilities.

See Also: Safeguarding Election Integrity in the Digital Age

The vast number of security issues that need attention can "overwhelm" developers, Johri said. Therefore, it becomes imperative to equip them with the right tools to help them effectively address security concerns.

A "better correlation" among pre-deployment security tools and a focus on critical defects must be prioritized to balance the tradeoff between speed and security in application development, he said. While "shift left strategy is essential to fix the code," Johri said, "you need to look at the containers and where they're deployed in the cloud. Security has to be systemic, across the whole CI/CD pipeline and all the way into production."

In this video interview with Information Security Media Group at RSA Conference 2023, Johri also discusses:

  • Why the "shift everywhere" approach is better than shift left;
  • Challenges associated with prioritizing vulnerabilities in the application development stage;
  • Overcoming the complexity of supply chain security and other emerging threats.

In a career spanning more than 30 years, Johri has been an executive, founder, strategic adviser and investor. Previously, he served as CEO of Tricentis, which he led for seven years from an early-stage startup to a global leader of continuous-testing software solutions. He also held senior management roles at HP.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.