Doomed to repeat mistakes
“In my many years of experience helping some of the largest organizations in the world roll out effective application security programs utilizing SAST the scariest trend I have seen is that application security takes a back seat to new features being released to the market or a hard release date. Application security is important but only when it is convenient and does not interfere with business drivers. Companies try to solve the application security problem with products and neglect to define and implement the process with the associated application security products. The fundamental misconception about application security is that it is not about just ‘scanning code’ but rather remediating real issues and educating developers how not to make the same mistakes over and over again.”
Matt Rose, Global Director Application Security Strategy, Checkmarx
Read the full article on The Enterprisers Project here.