How Can Product Security Teams Build Empathy with Developers?

How can product security teams build empathy with developers?

On a recent episode of the Future of Application Security, Stripe’s Application Security Manager, Rajat Bhargav shared his views. Here’s what Rajat advises teams to do:

“Even a simple thing like vulnerability management. When you’re building that vulnerability management where we say that when an issue is found, we have to triage to this team, and this is how we’re going to escalate. Instead of just building in isolation where only the security team is thinking about, engage the development team, think about it from their perspective. Or like when we were trying to do mobile security and we wanted to get tools, we worked with the mobile team to say, “Hey, this is a tool, this is something that we want to do. Is it even useful for you? Would you even use it? Like you have so many things going on, is this something that will add value to your product?”. And they were like, “Definitely, yes”. And then we went through evaluations and they liked the results that were coming out. The worst thing that could happen is you purchase a tool that you think would be good for the developers, and good for the team, company, and in the end, no one is using it because they don’t like the results or they don’t see it as helpful for what they’re working on.”

Check out Rajat’s full episode here: How Stripe Built a Highly Scalable AppSec Program: https://tromzo.com/podcasts/rajat-bhargava-appsec