Grace Francisco, a former developer, made developers dance to drill home a point: Developers need to shift left and left again to embrace security before writing the first line of code.
“I like to incorporate emotions of concepts because it helps with setting a memory,” Francisco told the International JavaScript audience, who somewhat begrudgingly indulged the dance during her Sept. 27 keynote address. “I’m going to help you understand why we technologists have to embrace this responsibility to be part of that cultural shift. It’s super important.”
Francisco is CMO and head of developer relations at Pangea, which is a security services firm that offers security APIs for developers — so she has a vested interest in selling this point. But that doesn’t mean she’s not right: It’s too little too late to talk about security after an app is deployed. As security experts have warned time and time again, security needs to start with developers.
Plus, this is a real problem: She pointed out one survey had revealed 67% of developers “were honest enough” to admit they knowingly submitted insecure code.
Meanwhile, hackers aren’t script kiddies in basements any more — they’re organized crime and nation states: Highly funded, highly organized and extremely efficient, she added.
“Hackers are going to use AI to their advantage to exploit your code,” she said. “This is why you need to really embrace the responsibility [of] security.”
Personally Identifiable Information (PII) should be treated as the Crown Jewels of the company, she said. At an average of $146 per record per breach, the cost adds up quickly over the course of 10,000 records, she said.
But beyond money, what Francisco wanted to emphasize is the personal impact of a breach. She shared a series of vignettes to drive home the point that when code is insecure, real people can suffer.
She compared the problem to trying to rescue drowning children — you can keep pulling them out one at a time, or you can go upstream to stop whoever is pushing them into the river in the first place. So far, developers have been pulling them out one at a time, instead of solving the real problem, she added.
“We as developers, we are doing this every single day that we ship insecure code and the people that are driving the customer journey — that’s you, that’s your friends, that’s your family, that is everyone who has to deal with your code,” Francisco said. “Software’s not regulated. There is no responsibility to the threats that we are imposing on all of our users and we don’t think about our responsibility to security to safety. For our users, it’s equivalent to no brakes, no airbags.”