RSA Conference: 'Fixer-developers' for web applications needed

Interview: Philippe Courtot
Interview: Philippe Courtot

It is a fantastic time for companies to build security into the cloud, but they have big challenges over web apps, particularly around finding people skilled to deal with fixing vulnerabilities.

This was a major message from Qualys chairman and CEO Philippe Courtot, speaking at a RSA Conference Europe 2012 Keynote. He said cloud computing, with its computing power, storage and control capabilities, brought both opportunities and challenges for IT security.

He said: "We have a fantastic opportunity as security professionals to sit at the table and of a CIO and really build security into the cloud. That's a unique opportunity that doesn't come often. This is the time for us to embrace the technology."

Courtot warned the speed of development, particular over web applications hosted over the cloud, was causing problems. Speaking to a roomful of security professionals he talked about the complexity of dealing with web apps, with Java and JavaScript huge attack vectors.

"The problem with web applications is that they are created by people, at an extremely fast speed. That speed itself creates a problem," he stated. 

"You have to analyse the vulnerabilities of these apps and understand attacks, at a very fast speed. We don't have that time anymore. It's a huge challenge."

"You won't find good engineers interested [in fixing vulnerabilities]. It's a waste of their talent. I think there is a need for new tools to remediate these apps, creating a new generation of what I call fixer-developers."

"People who have good engineering skills, but are also passionate in ensuring web apps are well-written. I believe you will never get the engineers who are coding spending an amount of time fixing bugs."

Sign up to our newsletters