By Charles Weir
Nowadays, on top of all the other demands on us, we software developers have taken on the responsibility of safeguarding: keeping our users and stakeholders cybersecure, sufficiently private, and free from other harms.
But how are we to do that? Based on recent research at Lancaster University, this talk explores the ideas that cybersecurity is not all-or-nothing; that safeguarding decisions are a business and moral matter as much as a technical one; and that developers can use industry-wide security information to help inform those decisions. You will learn how you can help make that decision-making both easier and better.
We shall discuss using component and source code analysis tools in the DevOps workflow to improve security, and how to work with product owners to prioritise the resulting warnings and reports.