At my company, code reviews go through a security check (where applicable). We also have an internal security team (made up of devs) that examines security issues that crop up during development, as well as a security team that handles the security of our deployed app. On top of this, we use a couple of 3rd party vulnerability testing companies who perform penetration testing of our code every release.
Yeah, we deal with money.
/ravi
The captain of a ship is always responsible. Period.
Who is responsible for your team?
I am.
... for a moment, responsibility is different from blame. We should be responsible but not blame anyone.
Also security is in layers and it is the job of everyone, from:
First layer: code writing and not making well-known failures like SQL injection etc., to code reviews to hopefully catch these if written by junior devs.
Second layer: application design and communication protocol selection and general practices in putting things together.
Third layer: auditing and white-hatting the app's workflow and usage by specialists (if you have the resources).
Even with all these there will be a time when things go "to the fan", and in these times working towards a solution without yelling at people is the best and most productive course.
Stop making sense. The Oompas will get mad.
Sorry, total lapse of judgment
Why isn't Bruce Schneier one of the options?
Very clever. I should have added that as an option (though it would probably be best covered by "Now that I think of it, no one")
cheers
Chris Maunder
I do it all, even security when my CRS isn't acting up!
I may not be that good looking, or athletic, or funny, or talented, or smart
I forgot where I was going with this but I do know I love bacon!
The two of us.
The regular stuff is screwed up and made ever more annoying by the CISO - but he has to do something - anything - to give the appearance of doing something.
Ravings en masse^
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol, Mar 2010
Honest!
Sent from my Amstrad PC 1640
Never throw anything away, Griff
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
So says the training material anyway.