News   April 11 2023

Product- and development teams have a key role in cyber security

We talk a lot about secure servers, multi-factor authentication, strong passwords, and updating devices to patch security holes. And that’s good. But an equally important, but often overlooked, security risk is poor communication between developers, middle managers and top management. Many major security incidents could have been avoided if the three levels communicated better.

Information security
Portraits of Nils Ivar Skaalerud and Andreas Hegna

Nils Ivar Skaalerud, COO Junglemap and Andreas Hegna, CEO Tagore.

Sometimes it’s a matter of lack of engagement, but more often it’s a lack of knowledge that threatens safety. Unfortunately, this applies to both developers and product managers. Developers need to learn how to flag vulnerabilities, and product managers need increased security skills to give developers the time and space to deal with them.

Furthermore, all companies need product managers who have enough confidence to raise security challenges in meetings with top management and policy makers. It's often a tough fight. Security and integrity take time and doesn’t give the same immediate return on investments as developing new products and services.

Vulnerabilities such as bad authentication and cryptography errors have been on OWASP's top 10 list for many years and are known to many developers. But how many middle and senior managers listen when developers point out such vulnerabilities? Our experience is that not many are taken seriously, and that security remains a footnote in development and design processes.

The number of demands for higher security competence in development teams is on the rise. Wich is good, since this in itself is a big need. But the security challenges will remain unless managers at all levels become aware of the risks, support the developers, and take the risks seriously. 

Managers and developers alike need to understand how criminals think. Only then will senior managers take them seriously.

New OWASP top 10 course

With decades in the IT industry, we have seen the consequences of poor communication far too often. That's why Junglemap and Tagore in collaboration have now developed a new role-based course for product and development teams.

Nils Ivar Skaalerud, COO Junglemap and Andreas Hegna, CEO Tagore.

Read more about Cyber security for product and development teams here. 

News   April 11 2023