One long-awaited trend that's finally begun to take off is attention to security at the application level. It's not surprising as hackers are increasingly focusing on applications and data. But it takes time to develop the capability to build better security into applications. Fortunately we're now seeing the emergence of better methods, technologies and services to manage and identify vulnerabilities throughout the system development lifecycle, as well as to secure legacy applications.
Over the last few years I've been impressed by the expertise of specialist companies in this area such as Secerno and IOActive. Earlier this week, I met the team behind SPI Dynamics who were acquired last year by HP. They're a bright, creative bunch of guys out of Georgia Tech, who seem set on revolutionising HP's capability in application security management. I particularly like the fact that they're also focusing on securing HP's internal systems. That's an essential basis for building a good reputation, and an example to others. I wish them well.
