OnDemand Webinar | Software Security: Prescriptive vs. Descriptive
The goal of a software security program is not to find security vulnerabilities; it is to find and fix security vulnerabilities. If you’ve got flaw details describing the vulnerabilities in your code but don’t have the context needed to address them, you don’t have what you need to lower your risk of breach. It’s like getting an x-ray and then receiving only the radiologist’s report, with no context or guidance from a doctor. You’ve got all the details, but don’t know what to do with them. At the end of the day, you can’t scan your way to secure code, and software security programs need to move beyond descriptive into prescriptive. Ultimately, there’s only one group that can fix vulnerabilities in code – the development team.
Therefore, effective software security means enabling the development team with the tools and training it needs to fix what it finds. Join this session to find out:
- Benchmarking stats and data on fix rates;
- Best practices in remediating software vulnerabilities in smart ways;
- What enabling developers to fix the security flaws they find looks like;
- The role of security champions;
- The types of developer security training that are effective and engaging.