29. Current Solutions Inadequate
[Diagram labels, software sources: Internal Teams (Dev Site A, Dev Site B, Dev Site C); Crowd Sourced; Crowd Sourcing; iPhone Apps; Open Source; Open Source Software; 3rd Party Software Vendors (SYMC, MSFT, Oracle); Outsourced; Offshore Provider; Eastern Europe; China; India; Contractors; Unknown Skills]
Security Consultants
• Very expensive
• In short supply
• Time to results too long
Internal Tools
• Do not scale across sites
• Very high noise ratio
• Can not test 3rd party code
• Separation of duties issue
Developers
• Do not know how to write secure code
• Prioritize time-to-ship, functionality over security
Processes
• Difficult to implement
• Years to fine tune
• Low adoption (< 1% of US companies CMMI Level 5 certified)
33. Whitelisting
• Conduct static analysis of candidate applications
• Create a whitelist
• Use an unbiased 3rd party
• Enforcement via mobile policy
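
The four whitelisting steps above, sketched end to end as an added example (not code from the original slides): a vetting party admits only candidates whose static-analysis report passes, pins each admitted binary by SHA-256, and signs the list; the device policy check then rejects anything unlisted, modified, or backed by a tampered list. The app ids, the `high_findings` field, the threshold and the HMAC key are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumption: HMAC stands in for the third party's signature. A real deployment
# would use an asymmetric signature so devices hold only a public key.
VETTER_KEY = b"constructed-demo-key"


def digest(binary: bytes) -> str:
    return hashlib.sha256(binary).hexdigest()


def build_whitelist(candidates, max_high_findings=0):
    """Third-party side: admit apps that pass static analysis, pin their digests, sign."""
    entries = {
        app["id"]: digest(app["binary"])
        for app in candidates
        if app["high_findings"] <= max_high_findings
    }
    payload = json.dumps(entries, sort_keys=True)
    tag = hmac.new(VETTER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def policy_allows(signed, app_id, binary):
    """Mobile-policy side: verify the list, then require the exact vetted binary."""
    expected = hmac.new(VETTER_KEY, signed["payload"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signed["tag"]):
        return False  # list was altered after the vetter signed it
    pinned = json.loads(signed["payload"]).get(app_id)
    # Matching on digest, not name, so an unvetted update of a listed app is refused.
    return pinned is not None and hmac.compare_digest(pinned, digest(binary))


# Constructed sample candidates with constructed static-analysis results.
CANDIDATES = [
    {"id": "com.example.notes", "binary": b"notes-v1", "high_findings": 0},
    {"id": "com.example.flashlight", "binary": b"flash-v1", "high_findings": 3},
]
WHITELIST = build_whitelist(CANDIDATES)

if __name__ == "__main__":
    for app in CANDIDATES:
        print(app["id"], policy_allows(WHITELIST, app["id"], app["binary"]))
```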