Great presentation by Mo Rosen, GM of Security at CA Technologies and Sam King, Chief Strategy Officer at Veracode during CA’s Built to Change Summit.

Every company is a software company and every digital experience connects a user with an application. This creates an infinite expansion of threat vectors with compromised user access and breach vulnerabilities.

Every business outcome depends on a secure experience:

• User identity defines brand experience: 83% of organizations say security is critical to the brand and a competitive differentiator.
• Cyberattacks exploit users and applications:
  • 81% of hacking-related breaches leveraged either stolen and/or weak passwords.
  • 90% of breaches exploit application defects.

Software security continues to be largely neglected:

• Only 20% of developers are using the latest version of open-source libraries.
• Only 36% of healthcare industry vulnerabilities are being fixed.
• 97% of Java apps have at least one vulnerability.

As such, getting security right means securing applications and user interaction.

Security is not currently part of the QC process. Developers are not security experts. Humans cannot scan for security defects given the scale of applications. More than two-thirds of the time, security is compromised for faster time to market.

What’s the solution? Shift left, integrate security into the SDLC. Detect security checks while the code is written. Just like we have spell check when writing documents, we need to be using security detection correction when writing code. Integrate security into the SDLC so it’s easy and transparent.

Use real-time analytics and machine learning to balance security without hindering the user experience (UX). Provide baseline user privileges and then use anomaly detection and analytics to change the friction of the interaction based on the knowledge of the end user. This will result in seamless interactions for valid end-users and will result in hackers being stopped as they are unable to meet greater security challenges.