One of my pet peeves is that everyone is talking about how much you can save by moving security into the development cycle instead of waiting until the hand-off to testing and operations, but not providing any data or stories to back it up. I decided to do a live broadcast and talk to two people who might be able to shine a spotlight on the subject.
Jeremiah Grossman and his team at WhiteHat put out one of the top surveys of the year, the Website Security Statistics Report. At the same time, the Sonatype crew, along with Ryan Berg, released a survey analyzing the usage of open source components in major Java applications. I called them both and asked if we could talk live online to figure out a way to measure the effects of “moving left”, or including security in the development cycle.
On November 12th, I’ll be talking with Ryan and Jeremiah; I’ll be in Dusseldorf, Germany, Ryan in Austin, Texas, and Jeremiah in Hawaii. Join us for the conversation as we investigate the real cost of waiting and the impact it has, financially, on your software projects.