Steven Hutchison, test and evaluation executive for the Defense Information Systems Agency (DISA), one of the world’s largest testing operations, says in a NetworkWorld article that his biggest piece of advice for corporate CIOs is to get security testing experts involved at the earliest possible stage of software development.
“We try to get the security tests involved right from the beginning,” Hutchison said. “We’re running the tests and finding and fixing problems very early on so we have a high degree of confidence when we can get the systems fielded.”
DISA uses internal hackers, which it calls “red teams,” to continue security testing once systems are operational. Red teams try to penetrate systems and take action, such as stealing data. Hutchison says using internal hackers is something he would “absolutely” recommend to CIOs so they can find and fix their own vulnerabilities.