Although there's widespread agreement that addressing security early in the software development cycle is an essential component to any breach prevention strategy, implementing DevSecOps can prove challenging.
Open source software components may be free, but that doesn't automatically make them safe to use. "There can be risks involved," says Steve Giguere, of Synopsys, who says these risks are often compounded by the pressure to deliver goods to market quickly and with new features.
As organizations move more data into the cloud, too many are treating security as an afterthought, says Outpost24's Bob Egner. Instead, as part of an agile development program, he recommends making penetration testing a constant, and using solid DevSecOps to maintain optimal cloud data security.
The FDA should consider some sort of measuring stick when assessing a vendor's cybersecurity culture to determine if it qualifies for the agency's proposed fast-path program for premarket approval of "software as a medical device" products, some industry stakeholders say.
RSA's most recent Quarterly Fraud Report shows that "newsjacking" is increasingly empowering phishing attacks, says Angel Grant, RSA's director of identity fraud and risk intelligence. The report also shows a continuing surge in mobile app fraud.
As attackers get increasingly sophisticated in reverse-engineering applications, it is imperative that enterprises secure trusted applications that are reaching back into the datacenter from beyond the perimeter, says Rusty Carter of Arxan Technologies.
What matters most, right now, to the information security community? At RSA 2018, RSA's president said WannaCry was a wakeup call for vulnerability and risk management. Other experts see artificial intelligence, machine learning and secure coding as hot trends.
Incident response is a critical pillar of an effective endpoint security program, one that will gain importance as GDPR enforcement comes into play on May 25. Organizations must be ready to react if and when an incident occurs in order to meet the stringent requirements that apply during an incident.
Organizations are increasingly incorporating open source code elements into their software development to accommodate agile development methodologies and swift go-to-market requirements, but not many are addressing the security concerns that follow, says CA Veracode CTO Chris Wysopal.