Have a winning Snapple cap? Redeem at http://www.snapple.com/nothing
Snapple is giving away a whole lot of Nothing! Win things like NO bills, NO airfare, and all sorts of other Nothings. Nothing really is something in the land of Snapple. Look under specially marked caps to see if you're a winner!
We all know that data breaches are situations businesses encounter that can get extremely complex. State laws start to take hold around breach disclosure, expensive forensics specialists are needed to re-engineer how attacks and/or mishandling of sensitive information occurred... and now, the lawyers are jumping into the fray.
So software is like the weather - it's great when the weatherman tells you it will be sunny and 80 degrees, and it actually happens. But when you think it will be sunny and warm, and it rains for 3 days straight, it's sort of equivalent to a typical software project not hitting deliverable dates, SDLC principles not adhered to and security certainly not being prioritized throughout the process.
So adding security to the software development mix - OK, it's the application security discipline - can mean different things to different groups at a given organization. Whether it's sunny, raining, snowing, etc.
One thing that is clear is that throughout the software development process, there are multiple issues that need to be addressed - but from our perspective at SI, the most important is security. We understand that software has to do cool stuff to perform, helping people accomplish something and certainly, for software companies, helping them produce a valuable asset to commercialize.
However, I think we can all agree that software is not created inherently secure, and that it's a problem. We have an incredibly unique solution at SI called TeamMentor - it's a SaaS-based knowledgebase of secure development guidance, the perfect in-practice companion for dev and security teams to ensure they have a place where they can reference best practices and prescriptive code fixes.
In a webinar last week, "Streamlining the Fix: Diminishing the Impact of Software Vulnerabilities with a Predictive Process", Dinis Cruz and I presented 4 major use cases to help companies understand how we can help, and how TeamMentor can serve as the fundamental, functional solution for development teams. We received a lot of good feedback and I think the reason is we kept it based on how people are using the product to solve real problems, reducing appsec risk and just plain getting better at producing software.
Also - here's a little articulation of the 4 use cases - and for those who follow SI, we'll be putting a few of these use cases to the test by way of further demonstrating them for you. So stay tuned, but in the meantime, if you are a member of a security team, development team or a security consultant, these use cases apply to you:
Static Analysis Integration - Overview:
There are a number of use cases for using TeamMentor, whether you are trying to complement a training program to give developers the secure guidance they need; or provide best practices/checklists to map to, like OWASP; or meet compliance requirements, like PCI, and map your remediation practices in accordance with all 12 PCI requirements.
But there are some very specific use cases that we are starting to see regularly, that are articulated here:
Hopefully this is helpful for you, like a weatherman's correct prediction of sun, or at least a recommendation, like "bring an umbrella b/c it's going to rain - sorry about that."
If you want to try TeamMentor, click here. If you want to view videos on what TeamMentor is and how it works, click here. (You'll also be able to see previews of our TeamProfessor appsec eLearning courses here too)
Sitting at lunch the other day in my office at SI, we were discussing great advertising campaigns, or at least funny advertising campaigns. I started laughing like a teenager when I mentioned the JackLinks Beef Jerky commercials. A few people acknowledged they were familiar with the campaign, but I'm not sure folks find the commercials as funny as I did. I dunno, yah basically I still have a teenager's sense of humor I suppose.
So I'm on my way to Vegas for the ISACA GRC conference, and here comes the latest commercial from the "Messin' with Sasquatch" campaign. I'm way more excited than I should be, more excited in fact than being able to toggle between Sportscenter, Mike & Mike and some random west coast pre-season college basketball game on JetBlue. My TV actually works, score! http://youtu.be/vvLPeMw0HCc
For those of you who don't know the premise of this campaign, and kudos to Carmichael Lynch for the concept - essentially, it's typically misinformed and just dumb guys who are unknowingly in Sasquatch's presence out in the woods, as they are eating Jack Links beef jerky. Typically they are engaging in some type of activity, and sometimes it's not clear what they are doing. And instead of being scared, they typically want to mess with Sasquatch, and tease him somehow with the beef jerky only to not give him any. Not cool to do to Sasquatch, people.
The latest one, and the best yet as far as I am concerned, features a bunch of teenagers having a rave-like dance party in the woods, complete with glow sticks. Cue Sasquatch entrance with massive growl, scaring most of the rave away with the exception of two jokers who, as they are mowing Jack Links, think Sasquatch is dumb. (My daughter always reminds me that 'we don't say stupid.' So I don't.) So they tease him with a glow stick, and throw it, ticking Sasquatch off. Then they do it again. Then he loses it, grabs one of these punks and throws him maybe about 30-50 cinematic feet and he crashes into the port-a-potties. They fall over, the third one opens up and a woman falls out. And clearly something is smeared all over the fallen john. Clearly the locker room-esque style resonates with me. And now that I have seen the commercial twice on this flight, I am cracking up, hope I see it again too. You'd think I was watching Comedy Central.
OK, my point here is this - I am sure Jack Links is good, but is it better than Slim Jim's? Come to think of it, Randy "Macho Man" Savage's "Snap into It" catch phrases were great too, back in the day. Does the advertising campaign take away from the perceived value, or the quality of the Jack Links product? I'm not really sure.
However, what makes a product just be a product, where the only thing you really ever see around the product, other than the product itself in a jar at the Shell station counter, are the commercials? Does anything from a consumer product like this translate into the enterprise world? Sure, big brands like IBM or HP or Oracle or Microsoft typically command attention, but how is this possible in an emerging market for small companies? I'm not really sure of the answer.
But here are a few things I've been thinking about that I'm going to experiment with to see what type of uptick in interest, traffic and demand we can generate:
--Add a series of comic videos - I have been thinking about this for a while. Taking some of the real issues that we deal with in the application security industry, and slightly poking fun at some of the challenges people face in the market, as well as our own technical geekdom.
--Potentially drop the video series into a microsite that will be separate from the corporate site, just to bring folks to a new destination.
--Collect information and provide some type of incentive to visitors, and maybe even solicit comical scenarios.
Anyway, I don't know if this will make a major difference, but I hope it will, and I'm pretty sure it might be fun too. In the meantime, feed your wild side baby!!!
New TeamMentor video up and running.
Or check it out right here.