“The appeal of using one technology that’s free rather than buying a licensed, chargeable piece of software is apparent. But so are the risks. It is concerning that some developers are simply ignoring the policies crafted and communicated for their organisations, likely for the sake of speed and costs.”
Helen Beal, DevOpsologist | Ranger4 | United Kingdom
“Just like testing and refactoring have been recognized as everyday, isolated steps in the development cycle, so too should security.”
Joost van der Griendt, ABN AMRO | The Netherlands
"Making security a natural part of the SDLC will make it more resilient and valuable. It should be 'something we do' rather than 'something we are told to do'."
Pauly Comtois, Hearst Business Media | United States
"Who can sleep if they are worried that their code is insecure?"
Barry O’Connell, Deutsche Bank | United Kingdom
"Security feels too widely regarded as a hurdle, to be overcome once, when it should be a fluent part of everyday development."
Skjalg Teig, Capra Consulting | Norway
"Involving external groups to perform security tests (e.g., pen testing) is expensive and doesn’t scale when we’re releasing frequently. We need to build security in, the same way that we build quality in."