Xinsi Technology and industry experts jointly discuss the improvement of software security

In recent years, many software security incidents have made headlines, and both software developers and ordinary consumers are deeply worried about software security risks. But the efforts and achievements of the industry in software security should not be ignored. As 2020 approaches, Xinsi Technology and industry experts discuss trends, processes and technologies that have had a positive impact on software security in the past few years.

DevSecOps' impact on software security

- Meera Rao, senior chief consultant of Xinsi Technology

For enterprises that want to turn to DevSecOps and build security, the following three key areas have a great impact on them:

Eliminate information barriers. Don't wait for errors and vulnerabilities to damage the application before fixing them, but treat security issues like any other errors in the DevOps process. Security should not exist alone, and developers should not get feedback only when they find security problems. In addition, finding the right collaboration automation tools to enable development, quality assurance, and security teams to work together is an important part of DevSecOps.

Promote collaborative change. Enterprises want to bridge the gap between DevOps and security while maintaining productivity and the speed of solutions to market, but they usually do not realize that the entire enterprise needs to make changes. Just like continuous integration, continuous delivery and continuous deployment, continuous collaboration and communication must also be carried out among development, security and operation teams.

Train and become safety experts. By establishing a training and security supporter program, members of the development team can learn and voluntarily cultivate software security skills and awareness through guidance, training and close cooperation with the application security team. These security experts guide the application security of the development team on the front line, and make up for the gap between DevOps and the security team.

Software security trends for tools and solutions

- Jay Kelath, director of product security at Dow Jones

I see two software security trends. One is in technical tools; the other is in engineering.

In terms of tools, most of them focus on IAST (interactive application security testing) and DAST (dynamic application security testing). These new technologies will completely change the security of applications.

Next is solution-oriented application security. The AppSec team focuses on finding problems and then letting developers fix them. Things are slowly changing, and now we are building solutions that engineers can use.

This is the development direction of Dow Jones. We are trying common solutions for authentication, encryption, and cross-site scripting.

It is easier for us to develop solutions for specific technologies, and then tell the developers: Hey, do you want to use authentication? Here is a library, a schema, or a tool to use. This solution-oriented engineering safety has attracted more and more attention.

Cloud + compliance = better data security

- Steven Totman, general manager of Cloudera financial services, enterprise data cloud company, and Richard Harmon

Hybrid cloud strategies always promise and provide lower cost, better agility, higher operational efficiency, and a more flexible ability to adapt to new technology updates. The biggest problem faced by financial institutions is whether the combination of traditional local storage and public and private clouds can provide sufficient security and governance measures to resist the continuous threat of fraud and data leakage.

Ironically, although hybrid cloud environments will bring security risks because enterprises continue to move data between private and/or local environments and public clouds, they can still achieve greater disaster recovery and higher data security. Therefore, the bank will be in a better state to achieve compliance. This is because it is usually easier to protect data in one place than in multiple information islands across the enterprise. In addition, cloud providers have a huge vested interest in ensuring data security.

Trends in software security and hardware security

- Deirdre Hanford, chief security officer of Xinsi Technology

In addition to the need for secure software (we and several other companies do business in this field), there is also an emerging trend to ensure that the basic hardware is also secure. Xinsi Technology has a large part of its business in semiconductor design, providing electronic design automation software tools and chip design components.

We hear more and more from our partners that they not only want to build cool and powerful chips like IoT devices, but also need secure IoT devices. They want to ensure that not only the software running on the chip is safe, but also the underlying hardware. I have been dealing with hardware for most of my career, and I am very excited to see security in the needs of the hardware team.

The implementation of GDPR regulations improves network security

- Check Point

The General Data Protection Regulation (GDPR) inevitably reshapes the model of how European (and even the world's) enterprises deal with network security.

Enterprises adopt a comprehensive security plan to deeply integrate security into IT systems at the design stage, rather than improving after deployment. Thanks to this, enterprises will gain consistent and stronger data security. Integrating the security architecture and embedding it into the platform and throughout the entire IT network is usually more effective in solving network security incidents and improving GDPR compliance.

Software security training is increasing

- Mahesh Kukreja, senior security consultant of Xinsi Technology, is increasingly aware of the importance of security issues. The demand for security training for software developers is growing, so they can build secure software from the beginning. As more and more enterprises need safety training, safety technology will also be rapidly enhanced. Some developers are still indifferent to safety (unless the system is damaged). Such training courses help them establish a safe development mentality.

Doing a good job of DevOps helps improve security

- Puppet, CircleCI and Splunk, from the 2019 State of DevOps Report

Companies that integrate security throughout the software delivery lifecycle are more likely to implement DevOps practices throughout the enterprise.

The report found that 22% of the companies with the highest level of security integration have reached the advanced stage of DevOps evolution. The principles of DevOps and the principles of security are similar, which can have a positive impact on software development (including culture, automation, evaluation and sharing) and ensure excellent security.

A strong DevOps culture also supports stronger security. In a shared culture, teams use common tools to collaborate and work towards common goals; the delivery team has strong autonomy, but it is relatively easy to complete work across enterprise boundaries. This culture can enable different departments to truly assume common security, and can identify problems as soon as possible and solve them in the best way.

