Peter McKay on Improving Developer Practices, Integrating Security and Cutting Risk
One major lesson from the massive July 19 CrowdStrike outage is that organizations should take proactive measures to mitigate risks in fast-paced software development environments, according to Snyk CEO Peter McKay.
A faulty update CrowdStrike pushed to its Falcon endpoint detection and response software affected 8.5 million Windows hosts, leading to what appears to be the largest IT outage in history. Embedding quality, performance and security into modern development practices lowers the likelihood of a faulty update or patch disrupting customer operations, McKay said. Keeping pace with fast development cycles requires quickly finding and fixing vulnerabilities through the use of automation and AI as well as learning from industry incidents to improve software security and client communication (see: Snyk Buys Reviewpad to Help Developers Contribute Code Fast).
“Don’t miss an opportunity to learn,” McKay said. “CrowdStrike has done a really good job in how they’ve handled it. They’ve communicated it, taken responsibility and helped companies like Snyk ensure those things don’t happen to us.”
In this video interview with Information Security Media Group, McKay also discussed:
- The implications of the CrowdStrike outage on development practices;
- Effective communication strategies to use with customers during incidents;
- Leveraging automation and AI for faster, more secure development.
McKay, who has led Snyk since 2019, previously served as co-CEO and president of backup and data management platform Veeam. Before that, he led desktop-as-a-service company Desktone and spearheaded its acquisition by VMware, where he ran the virtualization giant’s $3.7 billion Americas business. Prior to joining Desktone, McKay led web application security vendor Watchfire, which was acquired by IBM.