In August, Software Magazine published Tozny CEO Isaac Potoczny-Jones’ article on building security into the software development lifecycle. His key point is that the market demands of software development encourage leaving security to the end user for a variety of reasons:
- Many companies want to validate a market before investing in product security, so the “minimum viable product” (MVP) approach might leave it out.
- The risk of getting attacked is lower at the beginning of a product’s lifecycle, so companies can validate a product by getting market traction even if it has vulnerabilities.
- Ultimately, it comes down to a false assumption that your “minimum viable product” will not attract serious attackers, but this presumes that you do not get traction or media attention, which is a lose-lose proposition—either your MVP is a failure, and so security doesn’t matter, or your MVP is a success and you will get attacked.
Read the full article here!