The presentation discusses the importance of embedding security at every stage of the development process and highlights the prevalence of human error in causing data breaches.
- Developers spend only a small percentage of their time writing code, with the majority spent on debugging and fixing vulnerabilities.
- There are over 125 vulnerabilities, with the top 21 accounting for 400 CWEs, including design vulnerabilities, SSRF, CSRF, and authentication.
- Embedding security at every stage is crucial, including threat modeling, policies as code, peer reviews, and penetration testing.
- Insufficient logging and monitoring is a significant issue, and incident response teams are essential in containing and mitigating the damage of a breach.
- Human error is a prevalent cause of data breaches, accounting for 25% of all breaches in 2020.
- Developers are motivated by features and functions, while security is focused on finding problems.
The speaker shares a story of a famous organization that lost one-third of its market cap, equivalent to $5 billion, because it was running a vulnerable version of Struts in 2017. The incident highlights the importance of brand reputation and the potential financial impact of a data breach.