
Darren P Meyer

an information security researcher, technology hobbyist, maker, parent, and rabid moderate. I work at Veracode, but I don't speak for them here.

Developers Can and Should Own AppSec

Security professionals tend not to trust development and quality teams when it comes to application security, and so they try to force compliance with a rigorous AppSec program.

But especially in Agile, DevOps, and similar rapid development methods, that tends to cause a lot of problems. Development teams can and should own their own AppSec program—one that meets their needs—whether or not their security team supports them.

One way to do that is Responsive AppSec, and I wrote an introduction to Responsive AppSec on the Veracode Blog. The comments system there sucks, so if you have a response, please tweet at me @DarrenPMeyer.

Veracode Internet of Things (IoT) Security Whitepaper

I contributed research and analysis to a Veracode whitepaper on IoT security risks.

The choice of “Cyber” branding is unfortunate, but the work is solid and carefully done. It documents both the bad and the good security decisions discovered in a selection of six consumer-targeted IoT devices.

Update: the Veracode site is requiring an email to view the PDF; here’s a direct link for those who wish it.
