Podcast: Play in new window | Download (Duration: 29:06 — 33.3MB) | Embed
In this Spotlight Podcast, sponsored by Synopsys* Ravi Iyer, the Head of Product Management talks to us about the “democratization” of software development, as more and more companies become software publishers. Ravi and I talk about Polaris, a new software integrity platform that integrates a wide range of software testing and analysis tools into a common platform.
Thirty years ago, software engineering was limited to a few corporations. Companies like IBM, Microsoft, Apple, DEC or Oracle wrote software. Other companies made “stuff.” But it’s a truism these days that nearly every company is a software company. Whether your company makes jet engines, or automobiles or kitchen appliances or even watches and sneakers, the chances are that what you make is running software in some form. Increasingly, your “stuff” is also connected to the Internet, as well.
All that software offers tremendous new opportunities for organizations. But it also harbors risk in the form of software vulnerabilities – some of them exploitable in ways that pose a risk to the integrity of applications, data, IT environments and even physical safety.
Waiting for Federal Data Privacy Reform? Don’t Hold Your Breath.
Software development has become a core competency of modern organizations and so has software security and secure software development.
That’s where our guest this week comes in. Ravi Iyer is the senior director of product management at Synopsys and part of the software integrity group there, which is dedicated to helping companies build secure software and to do it in keeping with modern, agile DEV-OPS environments.
The challenge, Ravi tells me, is that software development is a complex and multi faceted process – and is only becoming more-so. Modern development spans software design and development, quality assurance and testing, deployment and management. Increasingly, software integrity issues go all the way up to the C-Suite as executives consider how software based risks might affect their overall organizational risk.
In this conversation, Ravi and talk about a new platform that Synopsys introduced this week. Dubbed Polaris, a software integrity platform that integrates a wide range of software testing tools for static and dynamic testing, software composition analysis, interactive security testing and more into a common platform.
Tread Lightly with Threat Intel Add-Ons
In this conversation, Ravi and I discuss the changing dynamics of development organizations. This includes what Ravi calls the democratization of security. “It used to be that security was managed by a single organization that was the gatekeeper. That has proven to not be very effective.” Now, he says, security is the responsibility of an entire organization. That, in turn, requires more and more different types of roles in the software development process.
Ironically, one of the areas of greatest needs in an organization is within the development group. “One of the places where knowledge of secure coding is weakest is among developers,” he said. “They don’t come to write secure code, they come to solve a business problems.”
Check out our full conversation, where Ravi and I talk about the biggest challenges facing development organizations today, including the lack of secure development talent and how more organizations are turning to managed services for assessing the security of software applications.
(*) Synopsys is a sponsor of The Security Ledger. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.
