How product security reached maturity
"Looking at it today, one of the biggest changes is that we understand that product security is a practice with its own people, its own budgets, and so on. These teams are usually made of those who view themselves as peers to IT security teams within the organization."
"So I think a lesson that we learned is that we need to build a product that will cover the product security aspects that are common across industries with the right processes, the right reports, the right dashboards, and the right workflows. That will be the same pretty much across all verticals. On the other hand, we also understand that each customer is a project unto itself. You need to understand each customer's proprietary bill of materials because every customer has different ones. You need to understand the architecture of specific devices and how to recognize specific stages in their lifecycle."
Managing product security vs. Doing product security.
Looking back at what the IT security industry went through in the last 20 to 30 years, we can begin to understand the trajectory of product security.
A big part of that is SBOMs. Slava shared that it has been great seeing people generate SBOMs as a critical piece towards impactful product security.
Ultimately, product security as a discipline has come a long way from a decade ago, and it also has many exciting, yet unknown, opportunities ahead. What's important is for security teams to consider the unknowns by creating processes and workflows that allow for the mitigation of vulnerabilities today and into the future.
News URL
https://www.helpnetsecurity.com/2023/04/24/slava-bronfman-cybellum-product-security-podcast/