What’s the top priority: securing your code or your infrastructure?

1.2k views, 4 Comments

Managing Director in Finance (non-banking), 1,001 - 5,000 employees
There are multiple solutions for both separately, but more and more people are trying to create a single solution set to solve both problems simultaneously.
SVP in Finance (non-banking), 1,001 - 5,000 employees
Given the focus that SolarWinds has created around code security and how people are looking at the supply chain, we’re always looking at solutions in that space because now everything is under a microscope. In terms of actual source code, we have internal controls in place from multiple people involved in the process before the code is deployed anywhere, so our risk is lower compared to other areas right now.

There are best practices that you can implement that significantly reduce your risk. When I think about perimeter security, infrastructure security, cloud security, the things that I'm driving our portfolio companies to work on are to make sure they have two-factor authentication and SSO integration, and that their identity management is in place so that they have AWS and Azure.

You have all these different things going on, but you're managing access to those platforms through a workflow that can be managed. Then they need to make sure there's governance around it, because the biggest challenge is exceptions. There’s always a situation where someone needs to do this work because production is down but then no one goes back and looks at it.
CEO in Manufacturing, 11 - 50 employees
A stat about SNMP basic protocol that came up in my discussions with some Fortune 10 companies really opened my eyes. The vulnerability that we've got in that protocol, across literally everything from building management systems to air conditioning, v1 and v2 exist everywhere. SNMPv3 is “theoretically” secure, but in reality it's completely hackable. And where did the Target breach come through? An HVAC system that got them in to compromise the other systems. Our grid today is all set up in that manner. They're using SNMPv3 “securely” and then our grid to the digital infrastructure, to all the other aspects. So there are the vectors just in applications on cloud, but you also have to think about how many holes are underneath.
Chief Security Officer in Software, 10,001+ employees
These are not mutually exclusive. A code vulnerability can result in a compromise of your infrastructure. We prioritize our remediation efforts based on criticality of the vulnerability, availability of an exploit, whether something is publicly facing and what type of data it has.
