
Collaborate on Shifting Left: Why 'AppSec Is a Team Sport'

Cycode's Lotem Guy on Bridging the Gap Between Security Management and Development
Lotem Guy, vice president, product, Cycode

Application security and software supply chain security are challenges for CISOs, in part because a CISO cannot solve an application security issue without working with developers.

Developers are using more and more open-source code because they "want to move fast," said Cycode's Lotem Guy. But the potential vulnerabilities in that code - plus the speed of development and the continuous deployment that follows - mean security teams have to catch up to the fast-moving development life cycle. Security can't hurt productivity, Guy said. "We have to realize that the organization needs to be successful first."

Cycode surveys show that 70% of its customers believe "today's attack surface is completely unmanaged." Tools exist to try to manage it, Guy said, but then security teams face the problem of managing a complex set of tools.

In this episode of CyberEd.io's podcast series "Cybersecurity Insights," Guy discussed:

  • Making a "controlled shift left" in which AppSec, Dev and DevOps work together to ensure that applications are secure;
  • How Cycode handles the issue of risk that comes from open-source code;
  • How software bills of materials and NIST's Secure Software Development Framework force developers to consider security.

Guy is a security researcher and developer with more than 15 years of experience in the tech industry. His areas of expertise include application security, cloud security, endpoint security and ethical hacking. Throughout his career, he has contributed to numerous innovative security solutions and navigated complex challenges in the evolving landscape of cybersecurity.



