NEW YORK – Retailers should apply an “oil change” approach – diligent oversight on a frequent basis – to their software development, urged Darrell Sandefur, technology architect, Kroger Co.
Speaking Monday at the National Retail Federation’s 100th Annual Convention at the Jacob Javits Convention Center here, Sandefur pointed out that almost two-thirds of security issues can be prevented with simple preventive maintenance.
“What I propose to you as retailers, business partners and technologists is that you apply that same [oil change] concept to your internal software development and/or require it of your external partners,” he said.
In particular, he stressed that for every three “minor point releases” during development, developers should run an internal security scan. “I don’t want to hear excuses from development teams that, ‘Oh, this is just a minor point release – all we did was add some content to that first page on the web store,’” said Sandefur. “At the third minor point release, it is mandatory that you’re going to do a security scan.”
He warned that failing to do a security scan in those cases could result in “opening that door wider and wider and wider. You could have an Achilles heel evident in your application allowing a hacker to get into your system.”