Follow Mark on LinkedIn Follow @marknca on Twitter Follow marknca on YouTube
marknca

Mornings With Mark
no. // 0 0 0 0

Security Is A Quality Issue

Subscribe to the podcast.

Watch the episode here

Join the discussion on LinkedIn

Tweet about this episode

Full machine generated transcript follows

Morning everybody. How you doing today? Thanks for joining me on the show. I'm very much appreciate it. I'm taking a bird of a break between the bases Basics series. We wrapped up for the phase one decided. I'm getting some great feedback on where you want to see me go with the basic Basics.

I'm so talking about things like how some fundamental protocol the internet work how things like a browser Works operating system stuff like that, too. I'm really understand the context of a lot of security privacy decisions. We have to make what I want to do is take time to talk about some stuff that I may be stuck by a sort of breaking news.

I'm so in the news last week about 12 dropped which has some great security update update your devices possible. But one thing that really highlighted on something that's been going on I continuously so I'm about I'm about building iOS where you can send a text message that will our anyway, you can put malformed stylesheet now actually crash the browser will deny deny service to Safari.

I based on a buck. And the reason why I bring this up is simply because apple has a really good high level of software and Hardware quality. I guess they have a really good process for generating quality software and even they have a vulnerability. I like his papa and I'm sure to be rectified advertise to an issue that's been on my mind a lot and it's something that I've been giving talks about.

I'm about security culture but a boat found how security is a software quality issue. Tulsa Hardware quality issue but more often on at the software quality issue. So it's basically when you start to think about software or Security in it security organizations and how they need to adjust their approach a but when it comes down to from the personal answer the general view the more often you were on things like beta software on the more often.

You're on a smile dealing with an app that does a lot from a small shop the more often and I mean if somebody has a reputation for quality and if it's buggy software the more likely are there are there security and privacy issues with it and this comes down to a fundamental disconnect and how we think about security and we think very much about security as being the discipline of the fact.

I meant as we talked about in The Savage. And all you need is makes pick steps to make an impact early on so if you think about quality in another context you one if you were making a meal do you want to use quality ingredients to make a good meal? If you get the outcome, if you don't you call the ingredients I'm using to have a really poor meal and it's really hard to cover that up and sauce on to make it taste better.

When if you use better to have a much better is a high sugar content sauce that we slather on the end of something else to make up for poor ingredients that we put into the pot in the first place. That's not okay that is causing way more problems. It's costing way more money for organizations to fix those who go back and I went we start to treat security to Quality issue.

You can look at the Quality metrics, which is really well understood far better understood than cybersecurity and so you can How to deal with things in equality contacts and you know that if things that production is going to cost you thirty times the cost ballpark compared to the staging staging before X eyes are silly X compared to the initial planning stage twice as much as the stadium.

So 3215 * original cost going and so if you are just a bunch of the boys, I'm going to production and you can catch the error there you're going to pay half as much as you would if you took it the next step and that's paying in time does paying an actual money if you can catch it in the planning stage and it's 30 times cheaper to catch in the planning stage in the unit that scales up.

I'm so security is very much a quality, but we don't treat it like a quality issue. That's the fundamental problem. So I'm giving the keynote at set for a conference in Toronto Ontario Canada in the first week of October and it's around this cultural disconnect is around armed security being software quality issue.

So if you're around check that out. If not, I'll be posting some supporting material essays and I think they're going to record the top. And afterwards but something else is in the back of my mind isn't talking and what's driving Behind These Basics series and what's driving behind a lot of the work that I've been doing an outside of The Daily Show was here.

So just food for thought today security is very much a software quality issue. Hope you're set up for fantastic day. Let me know what you think about this one. I about this issue. Also put that basic Series where you'd like to see me go on Amazing feedback coming in to helping me shape that up and we'll get that rolling on sure probably later this week.

I'm depending on what hits the news this week. So I hit me up online at Mark and. CA have a fantastic day. Talk to you online and I'll see you on the show tomorrow. Morning everybody. How you doing today? Thanks for joining me on the show. I'm very much appreciate it.

I'm taking a bird of a break between the bases Basics series. We wrapped up for the phase one decided. I'm getting some great feedback on where you want to see me go with the basic Basics. I'm so talking about things like how some fundamental protocol the internet work how things like a browser Works operating system stuff like that, too.

I'm really understand the context of a lot of security privacy decisions. We have to make what I want to do is take time to talk about some stuff that I may be stuck by a sort of breaking news. I'm so in the news last week about 12 dropped which has some great security update update your devices possible.

But one thing that really highlighted on something that's been going on I continuously so I'm about I'm about building iOS where you can send a text message that will our anyway, you can put malformed stylesheet now actually crash the browser will deny deny service to Safari. I based on a buck.

And the reason why I bring this up is simply because apple has a really good high level of software and Hardware quality. I guess they have a really good process for generating quality software and even they have a vulnerability. I like his papa and I'm sure to be rectified advertise to an issue that's been on my mind a lot and it's something that I've been giving talks about.

I'm about security culture but a boat found how security is a software quality issue. Tulsa Hardware quality issue but more often on at the software quality issue. So it's basically when you start to think about software or Security in it security organizations and how they need to adjust their approach a but when it comes down to from the personal answer the general view the more often you were on things like beta software on the more often.

You're on a smile dealing with an app that does a lot from a small shop the more often and I mean if somebody has a reputation for quality and if it's buggy software the more likely are there are there security and privacy issues with it and this comes down to a fundamental disconnect and how we think about security and we think very much about security as being the discipline of the fact.

I meant as we talked about in The Savage. And all you need is makes pick steps to make an impact early on so if you think about quality in another context you one if you were making a meal do you want to use quality ingredients to make a good meal? If you get the outcome, if you don't you call the ingredients I'm using to have a really poor meal and it's really hard to cover that up and sauce on to make it taste better.

When if you use better to have a much better is a high sugar content sauce that we slather on the end of something else to make up for poor ingredients that we put into the pot in the first place. That's not okay that is causing way more problems. It's costing way more money for organizations to fix those who go back and I went we start to treat security to Quality issue.

You can look at the Quality metrics, which is really well understood far better understood than cybersecurity and so you can How to deal with things in equality contacts and you know that if things that production is going to cost you thirty times the cost ballpark compared to the staging staging before X eyes are silly X compared to the initial planning stage twice as much as the stadium.

So 3215 * original cost going and so if you are just a bunch of the boys, I'm going to production and you can catch the error there you're going to pay half as much as you would if you took it the next step and that's paying in time does paying an actual money if you can catch it in the planning stage and it's 30 times cheaper to catch in the planning stage in the unit that scales up.

I'm so security is very much a quality, but we don't treat it like a quality issue. That's the fundamental problem. So I'm giving the keynote at set for a conference in Toronto Ontario Canada in the first week of October and it's around this cultural disconnect is around armed security being software quality issue.

So if you're around check that out. If not, I'll be posting some supporting material essays and I think they're going to record the top. And afterwards but something else is in the back of my mind isn't talking and what's driving Behind These Basics series and what's driving behind a lot of the work that I've been doing an outside of The Daily Show was here.

So just food for thought today security is very much a software quality issue. Hope you're set up for fantastic day. Let me know what you think about this one. I about this issue. Also put that basic Series where you'd like to see me go on Amazing feedback coming in to helping me shape that up and we'll get that rolling on sure probably later this week.

I'm depending on what hits the news this week. So I hit me up online at Mark and. CA have a fantastic day. Talk to you online and I'll see you on the show tomorrow.