DevelopersDevOpsFeaturedLet's TalkSecurityVideo

Improve Software Supply Chain Security With BluBracket

0

The shift left movement has pushed more onto the developer’s pipeline including security. However, with the challenge of securing mission-critical applications and navigating cloud and edge environments, security can often present difficulties for developers. There is an increasing need for security at a code level, and one of the ways to do this is by integrating security solutions into the developer’s environment.

BluBracket recently announced an enhancement to their code security solution, claiming it makes the most effective and complete solution to protect enterprises from supply chain attacks. The enhancement aims to help developers identify and eliminate risks in code reducing the attack surface of the software supply chain.

In this episode of TFiR Let’s Talk, Swapnil Bhartiya sits down with Casey Bisson, Head of Product and Developer Relations at BluBracket, to discuss the challenges of securing code for developers and why it is important for them to have the right tools to understand and fix security problems.

Key highlights from this video interview are:

  • BluBracket protects software supply chains by preventing, finding and fixing risks in source code. One of the key challenges of securing code is there is too much noise and false positives, making it difficult to see the real vulnerabilities. Bisson explains how BluBracket secures the entire workflow.
  • The changing landscape of how we develop and deploy applications presents a number of challenges, from navigating the cloud to securing mission-critical applications. Bisson discusses the security challenges developers face today and how we can empower them to treat the security of their code as a quality issue.
  • Although bugs are a part of the software development process, there is a human aspect as well as a technical aspect to consider. Bisson explores the role humans play in security and why it can be challenging to talk about secrets in code as a risk.
  • Bisson shares his insights into the importance of developers understanding the software supply chain and securing it. He explains the risks of using components that were not built by the developer. Vulnerable components can also lead to attacks, and problems have arisen from developers taking legitimate components and changing their behavior.
  • With the shift left movement developers with more being placed in their pipelines, but it’s not just a case of working with modern code, there is still code from 40 years ago. Bisson discusses how we can navigate the evolution of code, improving efficiencies and constantly building skills and evolving to ensure vulnerabilities are found.
  • BluBracket initially started by focusing on secrets in code, but has since expanded to giving developers feedback on the security outcomes of fixing issues. Bisson shares why he feels it is important to give developers the tools they need to fix security problems and receive that feedback.
  • Security teams can hold things up when telling developers how to rely on security. Bisson explains why it is important when building solutions that other teams allow developers to secure things in a way that doesn’t affect velocity, and why that improves the outcomes.
  • Bisson shares his best practices for organizations to follow so that the code their developer is writing and deploying is secure.

Connect with Casey Bisson (LinkedIn, Twitter)

Learn more about BluBracket (LinkedIn, Twitter)

The summary of the show is written by Emily Nicholls.

Read Transcript

Don't miss out great stories, subscribe to our newsletter.

Voltron Data, DataStax Join Hands For Improved Interoperability Between Arrow And Astra DB

Previous article

Adoption Of Industry-Specific Clouds Is Increasing But Challenges Still Remain | Danny Allan

Next article
Login/Sign up