ISACA Now Blog


Security, Audit Professionals Need New Approach to Software

Adam Shostack, Consultant and Author
Posted at 3:27 PM by ISACA News | Category: Audit-Assurance

I’m here to let you know about a new Perspective that I’ve created for the ISACA audience.

The Perspective article is titled Reasonable Software Security Engineering, and there are two key messages. The first is that software is eating the world. This isn’t my message; it’s that of venture capitalist Marc Andreessen, who uses the phrase to emphasize just how much software is being created and how critical it is to every business. The second is that products are less relevant to defense than how you create that software. As the software that runs your business is now custom, your defenses need to be built in.

What this means is transformational for businesses. It’s transformational for security professionals. They need new skills, new tools and new processes. It’s transformational for audit professionals because, for the sorts of documents they’ll view, the assurances they’ll need to check are going to change.

The Perspective article is designed to provide a high-level overview and actionable steps you can take to start adjusting to this new world.

Author’s note: To view Shostack’s insights on threat modeling, visit

