Jeremiah Grossman: Web Developer Resources are Scarce, Security is a Trade-Off

Tuesday, November 06, 2012

Web Developer Resources are Scarce, Security is a Trade-Off

If a Web Developer doesn’t release a revenue generating feature on time, the business will FOR A FACT lose money. If a Web Developer doesn’t fix a vulnerability, it MAY be exploited, and MAY cost the business money. Neither is guaranteed. Since Web Developer resources are scarce, how should the business decide the right course action from a justifiable risk-management perspective?

This Web Developer resource trade-off is extremely difficult to quantify and why I believe website vulnerability remediation rates are only at 63% taking an average of 38 days to fix.

If the Application Security industry wants the business to listen to our guidance, we must answer this fundamental question. Until such time, application security comes in a pizza box.

No comments:

Post a Comment

BIO

Jeremiah Grossman brings 20+ years of experience in Computer Security and has become one of the most recognizable and world-renowned cybersecurity experts in the industry, coining several of the original hacking terms commonly used around the world today. Early in his career, Jeremiah was known as “The Hacker Yahoo” which led to his role as the company’s Information Security Officer. Jeremiah founded WhiteHat Security (now Synopsis), and served as Chief of Security Strategy for SentinelOne which was the highest-valued cybersecurity IPO in history. Most recently, Jeremiah was the founder & CEO of Bit Discovery, which was acquired by Tenable in 2022. He also serves as a company advisor and board member to several tech startups. In his spare time, Jeremiah does Brazilian Jiu-Jitsu and is passionate about classic cars. He recently opened Toybox, a luxury car club in Boise, Idaho.