When you receive a #pentest or vuln scan report, we think in terms of #SQLi or #XSS. Take that report to your dev, and she/he sees Egyptian hieroglyphics and we wonder why it's so difficult to get devs to understand.
It's a language barrier folks. They think terms of defects or how something will affect the customer experience. We think in terms of #vulnerabilities, and what caused the issue. We need to find that common ground, and often, that will mean us heading into unfamiliar territory. It doesn't have to be 'us vs. them'. We are supposed to be a team.
Join us this week as we discuss that very topic with Bill #Sempf. Bill has spent nearly 25 years doing software development and security, working as an independent contractor for dozens of companies on hundreds of #software #projects. He helps us figure out how to speak 'dev', and to develop a mindset that will ensure you can get the most out of interactions with developers and coders.
Show notes: http://brakeingsecurity.com/2015-045-care-and-feeding-of-devs-podcast-edition-with-bill-sempf
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2015-045_Bill_Sempf-care_and_feeding_of_devs.mp3
Bill's #DerbyCon Talk "#Developers: Care and Feeding":
Bill's Blog: https://sempf.net/
Bill's Twitter: http://www.twitter.com/sempf
Check us out using the #TuneIn App!: http://tunein.com/radio/