Secure Architecture and Design
After that diversion on the Google bug bounty hijack, we’re back on our series on Secure Continuous Delivery. So far we’ve introduced a reference delivery pipeline and talked about the need for education and awareness. In this article we’re going to dive into the important topic of producing a secure systems architecture and design. For the purposes of this article, the distinction between architecture and design is not critical. We’re primarily interested in what happens before the system is implemented.
Google Bug Bounty
We’re taking a break from our series on Secure Continuous Delivery to talk about the Google Bug Bounty. Although we’re not actually talking about Google’s Bug Bounty program… instead we’re talking about what appears to be an attempt to exploit people who are searching for it. If you search for google bug bounty using Google, take a close look at the first result. This is not an advert or sponsored link.
Security Education and Awareness
In the previous article we introduced a basic delivery pipeline as a point of reference for this series. One of the risks I presented initially was the tendency to reach for tools and automation instead of starting with education and training. To then dive into particular tools and techniques would be contradictory, so we’re going to start with education and awareness. Bearing in mind the focus of this series is on Secure Continuous Delivery, we’re specifically looking at the education and awareness aspects of security as it relates to software delivery.
Reference Delivery Pipeline
One of the pieces of work I’ve been focused on recently is building a strong software security capability for one of my clients. They want to ensure that the services they build and operate in production are secure, but they aren’t able to embed security experts into each team. This is a common theme across the industry as suitably skilled security engineers are hard to come by. In light of recent news about cyber security breaches and attacks, many organisations are looking to invest more heavily in protecting themselves from these kinds of threats.