
Ambassador
Paul Toal
CISO Advisor
United Kingdom
Verified Community Ambassador
Content Paul is Following
With respect to the technology and processes that your organization already has in place, what is your biggest unmet need or gap in AppSec?
Securing development infrastructure (GitHub, Jenkins, etc.)
Code tampering
Securing Infrastructure-as-Code (Terraform, Kubernetes, etc.)
Source code leakage
Software Composition Analysis (Snyk, WhiteSource, etc.)
Protecting the app in production
None, we don't perform vendor security reviews
Very little, our vendor reviews are mostly box-checking exercises
Sometimes vendor security reviews delay purchases but they don't change outcomes
Vendor security reviews break ties between equal vendors
Vendor reviews make security a key buying criterion