Security needs to be addressed at every stage of a software product's lifecycle, especially in light of agile development, says Sandesh Anand, managing consultant at Synopsys.
"With companies going to production [of products and apps] every day or every week, you can't afford to have a seven-day or a 10-day security assessment timeline," Anand says. "Now you need to shrink the time to perform a security assessment, and that is where the challenge comes in."
With agile development, it's important to incorporate security activities at each stage of the product lifecycle, Anand says.
In this video interview at Information Security Media Group's recent Fraud and Breach Prevention Summit at Bengaluru, Anand also discusses:
- Whether developers can take ownership of security;
- Why implementing security at every stage is critical;
- How security works in an agile environment.
Anand is managing consultant at Synopsys. He has a decade's experience working in the cybersecurity area, with a focus on software security. In his current role, he helps Synopsys customers build their application security programs. He previously worked at a software development firm, a financial organization and a new media start-up.