
11. Designing for Security: A Conversation with Tom & Camille
Ngarama
Description
<p><span style="font-weight: 400;">In this episode of</span> <em><span style="font-weight: 400;">Cyber Security Inside</span></em><span style="font-weight: 400;">, hosts Tom Garrison and Camille Morhardt are doing things a little differently. Instead of bringing on a guest, they’re having a 1:1 conversation about the security side of product development and support.</span></p> <p><span style="font-weight: 400;">They cover things like threat models, red teams, bug bounties, the role of PSIRT vs. PRT, no harm testing, SDL, issue mitigation, and more.</span></p> <p><span style="font-weight: 400;">Check it out. </span></p> <p> </p> <p><strong>Here are some key take-aways:</strong></p> <ul> <li style="font-weight: 400;"><span style="font-weight: 400;">When designing a product, you have to think about not just what you’re building your product to do, but also what it might be used to do. </span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Every time you learn about a new kind of attack or vulnerability, you want to bake those checks into your SDL process so you don’t repeat the same mistakes as a product is being designed. Automation can help, while also ensuring you don’t inadvertently open up an opportunity that you already learned about from a security standpoint.</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">If you only rely on external researchers to uncover vulnerabilities, you’ll leave yourself open to security threats and attacks.</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">It’s not good enough just to have a resolution. You have to make sure that the fix for an issue doesn't cause a problem somewhere else.</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">A challenge across the industry is figuring out how to communicate security fixes in a way that customers actually care about. </span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">You have to think holistically about your product and
Uploader
Episodes
11. Designing for Security: A Conversation with Tom & Camille
Ngarama