Advice for Building Scalable Product Security Programs
Mike Hatherall shares advice for security leaders building modern, scalable product security: start with a data model, align terms, and automate visibility.
Transcript
What’s your advice for security leaders or architects who are trying to build a modern, scalable approach to product security?
I think any advice that I can give to security leaders building modern programmes is to start off by defining your data model. Understand what's a product, what's a component, and what's a finding, what's a vulnerability. Make sure that everyone uses the same definitions.
Automate anything you can to make risk visible, and once you do that, collaboration and accountability should just flow naturally.