Builders and Breakers


Deb Radcliff interviews Casey Ellis, CTO and founder of BugCrowd, and Tracy Bannon, Senior Principal/Software Architect & DevOps Advisor at MITRE.

In chapter seven of the book, Reinventing Cybersecurity, Tracy Bannon writes about tearing down the muscle memory holding developers back from embracing security best practices. This also applies to silos between development teams and the pen testers trying to ‘break’ their products in order to improve their security. 

In this videocast, Casey Ellis tells the story of how his penchant for breaking things led him to create a new model of security testing under his successful company, BugCrowd. Following that, Tracy and Casey engage in a lively conversation about digital transformation, ransomware, IoT, and how some of the most well-known software bugs are still commonly exploited. They also explain how to unite the builders – those who develop code – and the breakers – in this case, outsourced pen testers working under contract with BugCrowd.

“More builders need to think like breakers,” Tracy says in the webcast. “I also want testers to understand how builders think.”

The breaker mindset is inverted thinking, adds Casey. “Instead of focusing on what the software should do, the breaker focuses on what the software should not do.”

In this interview, get perspectives from the builders and the breakers, and how the two can work together smoothly to improve security in third-party applications. 


Helpful resources discussed in this interview:

MITRE ATT&CK framework 

MITRE database of Common Vulnerabilities and Exposures (CVE)

OWASP Top Ten Web Application Security Risks

In-Depth whitepaper, Secure by Design, sponsored by GrammaTech (registration required) 

GrammaTech secure design services
