What kind of (security) dog are you?
August 25, 2023
August 26th is International Dog Day! And here at Snyk, we enjoy celebrating International Dog Day because we love our mascot, Patch!
Patch is a Doberman: an iconic guard dog. Our founder, Guy Podjarny, decided on a guard dog because it’s a friendly companion with fierce protectiveness. Over the years, we’ve featured Patch in our annual “Fetch the Flag” event, included him on limited-edition NFTs in 2021, and so much more.
In honor of International Dog Day, we’ve created a quiz: What kind of (security) dog are you? And while you’re taking it, tell your dog that we say hi and give that good boy or girl a treat on our behalf!
Quiz: What kind of (security) dog are you?
How does your organization handle writing SBOMs?
1. We ask the development teams to submit which open source components they use and add them to a list.
2. We use a tool to compile and maintain an up-to-date SBOM automatically.
3. We haven’t run into the requirement to write one yet. Once we do, it’ll be a big annoyance.
How would the developers at your organization describe the security team?
1. Uninterested in flashy trends and “the latest and greatest.”
2. Empathetic and innovative with new tools and practices.
3. Mainly focused on meeting regulatory requirements.
What does your organization think of AI?
1. We don’t trust it and avoid it as much as possible.
2. We are cautiously optimistic about it and thinking strategically about using it for good.
3. We’re all about it!
What’s your organization’s take on securing third-party base images?
1. We try not to use third-party components whenever possible because they’re unsafe.
2. The security team either curates a collection of golden base images or scans containers to ensure they’re secure.
3. We don’t monitor them because we often get pushback from the developers and don’t want to give them another reason to dislike us.
What are the security tools at your organization like?
1. Backed by years of use within our organization. Tried and true.
2. Developer-friendly, first and foremost.
3. Whatever we could find to meet regulatory requirements as cost-effectively as possible.
When in the development pipeline does your team perform security testing?
1. At the end of the pipeline, before deployment.
2. Throughout the pipeline. We try to be as proactive as possible.
3. Technically we’ve put tools in place to shift left, but most developers don’t even use them because it’s too much trouble.
What does security training look like at your organization?
1. It’s a series of slide presentations for new hires to review during onboarding.
2. We provide developers with interactive training to strengthen their security knowledge throughout the year.
3. It usually comes directly after a significant breach hits the headlines or when we need to “level up” our security in preparation for an audit.
Results
Mostly 1’s: You’re a Basset Hound!
Like a basset hound, your security team is loyal and laid-back but can be stubborn and set in their ways. Your security program might have functioned well a decade ago but is starting to lose steam in today’s fast-paced development world. To learn more about integrating security into a CI/CD pipeline in 2023, check out our blog post: Building a security-conscious CI/CD pipeline.
Mostly 2’s: You’re a Doberman!
Your security team strikes the perfect balance between developer-friendly and watchful for security risks. You strike this balance by implementing the right tools in the right places, staying in touch with current development trends, and facilitating collaboration between the dev and sec teams. You aren’t afraid to try new things, but only if these innovations benefit both the development and security teams.
Mostly 3’s: You’re a Golden Doodle!
Your organization is all about innovation, cool tech, and getting results from your software. You’re excitable and ready for the next best thing, like a Golden Doodle! But because of this attitude, your organization often sees security as a hindrance, not a help. And you only slow down for security when legal requirements force you to do so. But security doesn’t have to be a downer for your development team. Check out our blog post to learn how security and development teams CAN get along.
Happy International Dog Day!
Whichever dog you are, Snyk can help you develop and deploy secure applications. Book a live demo today where you can sit down (virtually) with an expert who will show you how to stay safe with Snyk.