Craig Hinkley: You had asked about use cases. I would like to talk about two examples of the software development lifecycle. What’s interesting is the dev ops trend—the bringing together of the operations and development teams. What we’re pushing for and striving to achieve is secure dev ops or sec dev ops. We want to embed secure software development into the sec ops environment. Because the more securely you develop software through the software development lifecycle, the more secure your software will be. Fewer vulnerabilities will show up in websites and web applications. A significant increase in productivity and cost savings can also be achieved by having sec dev ops.
People say, “What about agile?” People are using agile as a development methodology. We have one customer who is a complete agile shop. At the end of every day, they check their code into their agile library. They can use WhiteHat’s source code capability. We do 160 scans in the evening involving around 16 million lines of code. When the developers come back in the morning, if there are any security issues that we found introduced in the code they developed yesterday, they will have them in their to-do boxes. That’s near real-time feedback. Now, they just go correct the code from yesterday to fix the security issues. That’s a customer who mandates that vulnerabilities be fixed within 24 hours. This is a demonstration that agile is not fragile and of how a company can truly use WhiteHat to build a sec dev ops capability.
On the development and production side, we have companies who are using us for over a thousand of their web applications to provide continuous scanning of all of their critical commerce applications. That’s an example of how we can then use both ends of our offering to provide a completely closed-loop mechanism. In production, we use the phrase security decay because the security posture of web applications and software decays over time as you make more changes, introduce new features, and bring third-party libraries in. Your security posture decays over time. We have customers who use our dynamic capability to look at their software, applications, and websites, detect any of that decay, and provide that back to the development team. That’s the closed-loop system we have. That’s an example of two customers who use us in different parts of the SDLC.
Sramana Mitra: Very good. This was a very interesting conversation. Thank you for your time.
This segment is part 5 in the series: Thought Leaders in Cyber Security: Craig Hinkley, CEO of WhiteHat Security