Jan 06 2021 50 mins 6
How secure is your software? Carl and Richard talk to Maya Kaczorowski of GitHub about The State of the Octoverse Security Report - one of three annual reports coming from GitHub about how software is being built. Maya talks about how software vulnerabilities are found and fixed, including the amazing statistic that vulnerabilities on average exist in code for four years before being detected! Also, the criticality of the vulnerability doesn't seem to increase the speed to fix - what does make a difference is automation. Automated build and deployment pipelines, including security analysis early in the process - those are the things that make our software safer!
