How would you describe the relationship between the security teams and development teams of your organization? Chances are your words like & # 39; tense & # 39; or & # 39; distrustful & # 39; used. This is because the two groups often have the feeling that they contradict each other and stand in each other's way. Security sees itself as resolving the vulnerabilities that developers create while developer security is a series of speed bumps that prevent them from reaching their milestones on time.
That is the core of the problem. Why can't there be common goals for both teams? Software giant Microsoft believes it has achieved a common goal between development and security activities and that this shared goal has led to better security for both internal and commercial software and services.
Microsoft's approach is simple and is based on good, consistent training and communication. Implementing that approach is not that simple. It requires buy-in from both groups, ongoing training, effective communication and, more importantly, strong support from executive management.
CSO recently spoke with Bret Arsenault, CISO of Microsoft, and Bharat Shah, vice president for security technology in the cloud and AI division of Microsoft, about how the developers and security professionals of the company work together to build security in its tools and products .