Secure Software Development Practices: Pointwester Talks About Security in the Dev Process
July 12, 2019
Pointwest Security Analyst Christine Balanaa talked about making software more secure during the 34th Enablement Seminar, “Managing and Integrating Secure Software Development Practices”, of the Philippine Software Industry Association (PSIA) last June 27, 2019 at the Marquis Events Place, BGC, Taguig.
Titled “Ease in: Continuous Security”, Christine’s talk focused on how to make software better protected from today’s digital threats by finding ways to include security within the software development process. Aside from being part of Pointwest’s Cybersecurity and Data Protection Unit, Christine is a senior software engineer with many years of experience. She is also a member of Women Who Code Manila.
“Most of the security processes we know today are designed to work with the traditional software development methodology,” Christine began. “But with the increasing adoption of Agile, we have to rethink our approach and our shifting roles.”
The first part of her talk focused on how developer teams view security specialists as a cause of delay. Christine pointed out how misaligned timelines, differing priorities, and even mistaken impressions of software security specialists and of the necessity of their work all contribute to delays in production.
To address this, in the second part of her talk Christine discussed how to foster better communication between developers and security specialists so they have a clearer understanding of what each contributes to the team and the development process.
Christine said that security specialists should not burden developers with hundreds of pages of documentation. She also warned against the thinking that more tools mean more security, and reminded her audience that it is important to always evaluate if the tool “gives value to our product.”
“And it’s not only about the tools, because it’s really the combination of people, tools and processes that integrate together so that we could have continuous security,” Christine said.
Among the other items Christine discussed was how requirements drive coding and testing, so security requirements should be on the list of things Devs need to do, since that list determines the priority. She also talked about the countermeasures graph during design, and said that Devs should learn to ask the question, “if I were evil, how would I abuse this application?”
Later on, Christine participated in a panel discussion moderated by Rene Canlas, Pointwest’s Chief Information Security Officer (CISO). One of the questions asked of her was on how startups can come up with secure applications despite being low in resources.
“Startups don’t have a lot of resources to start off with and yet they need to get to market quickly with something usable and then grow from there,” Mr. Canlas said. “So, what’s the role of security? When do you put in security?”
“We can reduce development costs by regarding security issues and defects as a single thing when we look for problems in the code, and not as two different concerns with different costs and timeframes,” Christine answered.
The 34th Enablement Seminar is part of a series of talks organized by the PSIA to help disseminate knowledge and best practices on the latest information technology trends and issues. Aside from Christine, the 34th Enablement Seminar also featured talks from Paolo Falcone of Etrading Software and Anton Orpilla of IBM Philippines.
Pointwest President and CEO Beng Coronel, who is concurrently Director of the Capability Development Committee of the Board of Directors of the PSIA, was present to give the opening and closing remarks. She pointed to the strong interest in secure software development given the good turnout for the 34th Enablement Seminar despite the continuous downpour the whole day.
Founded in 2003 by pioneers of the Philippine Global Sourcing industry, Pointwest creates value for its list of satisfied clients — including top Fortune 100 and local companies — with world-class digital innovation and IT modernization services backed by international-standard methodologies, and innovative practices.