Oded Vanunu is the Head of Product Vulnerability Research at Check Point Software Technologies. He sat down with Enterprise Times recently to talk about what he does and what organisations could do to improve security.
The rise of cybercrime and nation-state hacking groups has brought with it very sophisticated attacks. This is why Check Point created internal product groups to attack software and find vulnerabilities in order to protect customers.
Oded’s job includes running a team of white hat hackers who look for software vulnerabilities. Importantly, he also has carte blanche to attack his employer’s own software, something that few organisations, including security vendors, talk about. This is not just about Check Point hacking its own code to ensure it is secure. Oded says that security audits and checks ensure that software is designed securely, tested constantly and, by the time it is released, can be trusted by customers.
All of this is something that organisations need to think about themselves. We have had more than a decade of companies talking “secure by design”. In that time we have seen more and more software breaches and vulnerability disclosures. Something is clearly not working. It is not just about poor patch management but also how the IT Security, Development and Operations teams interact. Too often, time to market overrides the requirements of making software secure. The challenge is how to redress that demand and improve software quality.
To hear what else Vanunu had to say, listen to the podcast.
Where can I get it?
obtain it for Android devices from play.google.com/music/podcasts
use the Enterprise Times page on Stitcher
listen to the Enterprise Times channel on Soundcloud
listen to the podcast (below) or download the podcast to your local device and then listen there.