Shifting Security Left: Where to Start

Presented by

Chris Wysopal, CTO, Veracode

About this talk

The demands of modern software development and the rise of DevOps are shifting security left into the early phases of the development lifecycle. Companies that navigate this significant cultural, organizational, and technological change well are outpacing their competitors. But where to begin?

In this session, we will describe five essential steps for shifting security left:

1) Make security autonomous from day one.
2) Integrate as you code.
3) Avoid false alarms.
4) Create security champions.
5) Maintain operational visibility.

Equipped with this guidance, you can begin to make the changes that will transform application security into a responsibility that is shared by development and security and that continues once applications are in production and operation. By shifting security left, you unburden your security team, empower your developers to write better code from the start, and deliver stronger, better applications than your competitors.

About the speaker

Chris Wysopal is Chief Technology Officer at Veracode. He oversees technology strategy and information security. Prior to co-founding Veracode in 2006, Chris was vice president of research and development at security consultancy @stake, which was acquired by Symantec. In the 1990s, Chris was an original vulnerability researcher at The L0pht, a hacker think tank, where he was one of the first to publicize the risks of insecure software. He has testified to the US Congress on the subjects of government security and how vulnerabilities are discovered in software. Chris received a BS in computer and systems engineering from Rensselaer Polytechnic Institute. He is the author of The Art of Software Security Testing. Chris is often called upon to download the latest Minecraft mods for his 6-year-old son. An avid photographer and nature-lover, Chris spends his free time hiking conservation trails near his home outside Boston.

This session is part of Veracode's "Your AppSec Game Plan" Summit.

Veracode is intelligent software security. The Veracode Software Security Platform continuously finds flaws and vulnerabilities at every stage of the modern software development lifecycle. Prompted by powerful AI trained by trillions of lines of code, Veracode customers fix flaws faster with high accuracy. Trusted by security teams, developers, and business leaders from thousands of the world’s leading organizations, Veracode is the pioneer, continuing to redefine what intelligent software security means. Learn more at www.veracode.com