Whose Responsibility is Secure Software? with Steve Lipner, Executive Director of Safe Code, and Karen Worstell, VMware Cyber Strategist

Release Date:

In this episode, we speak with Steve Lipner, Executive Director of Safe Code, and Karen Worstell, VMware Cyber Strategist. They discuss the new scale of DevSecOps, secure code, and safely adopting new technologies. Karen describes how modern operating environments differ from older ones, and the concerns involved with quickening development cycles. Steve explains the work of his nonprofit, Safe Code, and the importance of integrating security with a development cycle. They also discuss the future of cloud infrastructure and get into the benefits and possible pitfalls of Chat GPT.

---------

Key Quotes:

Karen: "What's really, really different? The type of code we're writing has changed. The operating environment that we're pushing it into has changed. And the time cycle has really changed. It's a concern, to be honest. It's a benefit, but it's also something that worries people."

Karen: "The cycle has revved up tremendously and it's changed the way we work. So DevSecOps basically means that you've got this development cycle and then you've got the operations of it on an ongoing basis."

Steve: "The role of the security team is to help organize, train, and equip so that the developers have the right processes, the right training. They know what a security bug looks like and why you don't want to have one. And the right equipment, the right tools to tell them when they need to do something differently and what to do about it."

Steve: "If you want a thousand-person security team, then the way to do that is to do all the audits and all the testing, and all the security reviews and all the compliance after the fact. If you want secure software out there this afternoon, the responsibility for building secure software has to be with the developers. The role of the security team is to help organize, train, and equip so that the developers have the right processes, the right training."

Karen: "I think the truth of it is that in the technology world, where we're surrounded by new technology, and we're used to that cycle of new technology evolution and adopting it like early adopters, we can get out over the skis when it comes to the rest of the world…Technical debt is our biggest risk, my opinion."

---------

Time stamps:

(02:45) What DevSecOps means
(04:40) Leveraging DevSecOps as a leader
(08:20) The development cycle's acceleration
(10:05) Safe Code's mission
(10:55) Old dev cycles vs. new ones
(12:05) Building a secure development model
(14:50) Difficulties behind a security push
(17:40) Recognizing the importance of security pushes
(19:55) Exploring the move to cloud
(21:00) How the modern world adopts new technology
(24:00) The risks of AI acceleration
(30:05) Where to connect with Karen and Steve

---------

Links:

Steve's LinkedIn: https://www.linkedin.com/in/steve-lipner/
Steve's website: https://www.stevelipner.org/
Steve on Twitter: https://twitter.com/lipner?lang=en
Karen's LinkedIn: https://www.linkedin.com/in/karenworstell/
CIO Exchange on Twitter: https://twitter.com/vmwcioexchange
Yadin Porter de León on Twitter: https://twitter.com/porterdeleon

[Subscribe to the Podcast]
On Apple Podcast: https://podcasts.apple.com/us/podcast/cio-exchange-podcast/id1498290907

For more podcasts, video and in-depth research go to https://www.vmware.com/cio

---------

Keywords: cio, cio exchange, VMware, innovation, leadership, IT, information technology, technology, cto, cloud, multi-cloud, security, devops, devsecops, artificial intelligence, machine learning, AI, Chat GPT, development cycles, technology leadership, AI security
