Building and maintaining secure software is not a one-team effort; it requires the collective strength and collaboration of security, engineering, and operations teams. This is according to CASA Software, a digital transformation organisation that partners with Veracode to secure software from code development to cloud deployment.
“Teams must understand the workflows and objectives of their counterparts,” says Rameez Edros, account director at CASA Software. “Misunderstandings and misalignments can lead to frustrations, increased security risks, and hindered progress in achieving organisational goals.”
Edros breaks it down into the specific teams involved, as follows:
Security: The security team plays a crucial role in safeguarding an organisation’s assets, data, and systems from potential threats. The primary goal of the security team is to identify vulnerabilities, implement security controls, and ensure compliance with industry standards and regulations. However, this area is not without its challenges, including limited visibility into the development process, difficulty deciphering which alarms are the most important, and the need to balance security with business agility.
Development: The software engineering and development team is responsible for creating and maintaining software applications that power a business. Their goal is to deliver high-quality code that meets functional and security requirements. However, they face challenges such as time constraints, pressure to meet deadlines, and a lack of available security expertise. Balancing the need for speed and security can be a delicate task for development teams.
Operations: This team ensures the smooth functioning of the company’s infrastructure, systems, and applications. Their goal is to maintain high availability, scalability, and performance. They face challenges such as managing complex environments, handling incidents and outages, and maintaining security while implementing changes. The operations team plays a critical role in guaranteeing the company’s systems are secure and operational.
Edros highlights Veracode’s guidelines for building trust among teams. “In a nutshell, this can be summarised as: engage, solicit feedback, and respond to that feedback. It is also advisable to conduct testing and proof-of-concepts to demonstrate the effectiveness of security measures. Documenting this buy-in and sharing it with other
© Technews Publishing (Pty) Ltd. | All Rights Reserved.