Justin Cormack on Integrating Security into Software Building

In this episode of Semaphore Uncut, Justin Cormack, Senior Security Engineer at Docker and member of the Technical Oversight Committee at CNCF, shares insights from the security industry. We talk about why it’s important to think about what could go wrong when building software, how hackers are now exploiting vulnerabilities before shipping your code to production, and what companies can really do and use to secure their products.

Key takeaways:

  • Security – a matter of software quality
  • The threat modeling practice – understanding the potential security threats
  • Using the experience of experts
  • Supply-chain security
  • Security integration into CI/CD pipelines
  • Important vs. overhyped practices in the security industry