You could say Kris Lahiri, VP operations and chief security officer at enterprise file sharing platform provider Egnyte, was a bit of a skeptic when he first considered adding crowd-sourced penetration testing to the firm's application security regimen. Indeed, the idea of giving permission for a bunch of unknown eyes to scour their systems and report what they uncover is enough to make many security professionals hesitant.
Over the years since its founding in 2007, Egnyte's approach to ensuring it was releasing software that didn't place customers at risk went through the evolution one would expect. Initially, the company identified and mitigated web application flaws that slipped through development with manual web application tests, explains Lahiri, but hiring outsiders to conduct software code assessments proved too time-consuming for its pace of updates. "We realized that the entire process takes about two to three weeks, and we could never move rapidly. Being a software-as-a-service company, we are innovating fast," Lahiri says. Lahiri explains that, typically, Egnyte publishes new software updates, features and enhancements every two weeks. "It became clear that deep-dive manual application security assessments every six months, while valuable, are too slow," he says.