
Security practices take focus off programmers and onto systems



Alex Handy
October 11, 2012 (Page 3 of 3)

Ed Jennings, executive vice president of sales, marketing and services at Veracode, said that this new approach is far broader than straight code scanning.

“The program we're enabling is vendor application security testing,” he said. “This is a fully outsourced program. Our application security experts come in and define the policies you want for third-party applications—what they're going to have to do for compliance, and such. We get the list of all application partners and their contact info, and we'll take responsibility for reaching out to those partners scanning the applications. We're helping them scan the output and to perform other forms of mitigation. Then we work them through to comply to the enterprise policy.”

This approach takes the security compliance burden off the end users, said Jennings. “We would be testing 100 out of 10,000 applications for a bank. They pay for us to go scan third-party vendor applications. They had to prioritize the 100 highest-risk vendors. They'll keep paying for those, but for the thousands of other vendors, they give us the list of contacts and applications, and then we go contact them directly for our new mandate. This allows for enterprises to scale thousands of applications, while diffusing the cost to the supply-chain partners themselves.”

But no matter the solution, it would seem that security is not just something that can be fixed by pointing an in-IDE tool at the developer and throwing alerts when coding policies are violated. With so many applications coming from so many different sources, simple code scanning and in-IDE compliance tools aren't enough to ensure security in this dangerous new world.


