At Josh Corman's presentation during AppSecEU 2015, he brought up the analogy of building codes, the laws and regulations that mandate how buildings are constructed. They are the reason earthquakes in some regions of the world are so devastating, while even stronger ones in other areas cause minimal damage.
Josh's question is a simple one: why do we lack building codes for building software? What laws and regulations are in place that mandate secure, quality software that won't "collapse" when under attack?
You can view Josh's entire presentation, Continuous Acceleration: Why Continuous Everything Requires A Supply Chain Approach, on YouTube thanks to the good folks at AppSecEU.