Why Software Security Management is very similar to managing wildfires

by | May 19, 2021 | Blog


Every year, July through November brings the risk of wildfires to the United States and Canada. In 2020, wildfire damages were second only to the chaos of the COVID-19 pandemic. The year 2020 was a record-setting one (for all the wrong reasons!) for California and for the United States overall. NIFC reported that as of Nov. 27, 2020, there had been 52,113 wildfires that burned 8,889,297 acres in 2020. That is approximately 2.3 million more acres burned than the 10-year average and almost double the acreage burned in the 2019 season.

For most of us, the risk of wildfire may seem like a distant problem. But the growing cost of fighting these natural disasters, and the scale of the economic damage wildfires inflict on humanity, got me thinking. I started drawing parallels to what we at Code Dx do in software security: how we try to safeguard systems from malicious hackers engaged in data theft, espionage, and other illicit activities that can wreak havoc on communities worldwide.

Based on a report by ISACA and Cybersecurity Ventures, cyberattacks rank as the fastest-growing crime in the US, causing catastrophic business disruption. Globally, cybercrime damages are expected to reach US $6 trillion by 2021. Wildfire damages from California alone were closer to $200B in 2020 and are expected to worsen year over year if left unaddressed. The extent of the community, economic, and environmental damage makes this a much bigger problem than originally envisioned. This is why, in a February 2021 report by various United States federal agencies, wildfires were tagged as a category-1 climatological natural disaster, with a recommendation urging an integrated and proactive national strategy focused on reducing the risk of wildfire and protecting our natural resources.

Let us now put this into the perspective of managing software security and look at some of the headline-grabbing exploits of the past year. 2020 saw a lot of activity, starting with a ransomware attack on Finastra before the start of the COVID-19 pandemic and ending the year with the now infamous SolarWinds supply chain exploit. These incidents corroborate the analogy above and further validate how the absence of an integrated and proactive organizational strategy limits our ability to control and prevent these exploits.

This is where vendors like Code Dx and Secure Code Warrior have joined forces to launch Project Better Code, which aims to help organizations build an integrated and proactive organizational strategy for managing software security. Code Dx automates the arduous workflows needed to centralize finding, analyzing, and fixing security vulnerabilities across disparate security tools—at DevOps speed. Code Dx orchestrates scan automation, automates triage, and prioritizes the tracking and remediation of vulnerabilities. It does this while continuously assessing security risk across the entire software lifecycle. The Code Dx-Secure Code Warrior integration lets developers and security teams view just-in-time, targeted, context-specific micro courses for the issue at hand and offers ways to proactively reduce the chance of recurrence. Secure Code Warrior’s Learning Platform makes secure coding a positive and engaging experience for developers as they build their software security skills.

Project Better Code addresses the need to fix today’s vulnerable code while developing better coders for tomorrow.

Click here to learn more about Project Better Code.
