Larry Maccherone Says Pixie Dust Security is an Epic Failure [VIDEO]
By Mark Miller
Editor's Note: Larry's story is included in "Epic Failures in DevSecOps, Volume 2", available for free download.
"You can characterize the history of software engineering as an unending cycle of pendulum swings in search of a Goldilocks compromise that we never quite achieve. The Rational Unified Process (RUP) was people and process oriented, which was followed by Extreme Programming (XP) which was engineering oriented. Then, Agile took us back to people and process, followed by DevOps which is again more engineering focused.
The most fundamental epic failure is believing that you can sprinkle pixie dust on an already completed application to make it secure. This failure has been and continues to be widespread across the industry. When I started at Comcast, this was the general situation. Boundary protections like network firewalls as well as bolt-on solutions like web application firewalls were at the heart of our cybersecurity approach, despite the fact that the vast majority of security incidents were attributed to flaws in the underlying system design or software vulnerabilities." -- Larry Maccherone
Justin Miller interviews Larry Maccherone on his work helping to transform Comcast, his history prior to Comcast and on his chapter "Shift Left, Not S#!T Left" in the second volume of Epic Failures in DevSecOps.
Mark Miller serves as the Senior Storyteller and DevOps Advocate at Sonatype. He speaks and writes extensively on DevSecOps and Security, hosting panel discussions, podcasts, and webinars on tools and processes within the Software Supply Chain.