At Josh Corman’s presentation during AppSecEU 2015, he brought up the analogy of buildings codes, those laws and regulations that mandate how architectural buildings are built. It’s the reason earthquakes in some regions of the world are so devastating, while even stronger ones in other areas cause minimal damage.
Josh’s question is a simple one: Why do we lack building codes for building software code? What laws and regulations are in place that mandate secure, quality software that won’t “collapse” when under attack?
Mark Miller serves as the Senior Storyteller and DevOps Advocate at Sonatype. He speaks and writes extensively on DevSecOps and Security, hosting panel discussions, podcasts, and webinars on tools and processes within the Software Supply Chain.
