“If you take the big, monolithic testing effort you currently have at the end, and you push it towards the beginning but it remains monolithic, you’re not going to get the dramatic increase in efficiency and decrease in cost you expect. It has to be an incremental effect.” — John Steven
One of the things I have recently been investigating is the true cost, the real cost, of security and how that changes based upon where in the application life cycle you are. I was talking with John Steven from Cigital and we agreed it might be good to record our thoughts to see where it leads.
“With security, it’s not a question of how far left you can get. It’s really a question of are you doing the right things at each step.” — John Steven
Listen to the full interview: John Steven – Measuring the Cost of Application Security