“Design is the most neglected aspect of software security.” — Jim Routh
In this 50 in 50 Interview with Jim Routh, we have an extended discussion on the line between design and remediation, the ideas behind Gene Kim's "The Phoenix Project", and his work using kanban systems for cross-functional sharing. Jim has one of the best analogies I've ever heard on how to envision a tool for automated vulnerability discovery during the software development process.
“When a finger tip goes on a keyboard to write code, that’s the time to introduce security into the development process.” — Jim Routh
Part 02 in an upcoming segment explains how components started as a simple idea and are now a central part of the open source development process.
Listen to the Interview: Jim Routh – Software Design and Remediation
“The more you frontend controls in the development process, the less expensive it is to introduce the change.” — Jim Routh
Highlights of the Discussion
00:05 Introducing software security concepts into the development life cycle
02:51 The line between design and remediation
08:18 An automated development tool with contextual help
10:54 Pushback to new security methodologies
13:30 The concept of security “moving left” in the application life cycle
17:02 The Phoenix Project, Kanban boards and cross-functional sharing of information