Something that is really hard about application security is that you can’t just point a tool at it and be finished at some point in time. It is always going to take ongoing work. I like to use the analogy of a garden. Both the plants in the garden and the conditions around them change no matter what we do. Maintaining a beautiful garden is a labor of love and an ongoing investment of time. We could think of our applications in the same way.
Unfortunately, many applications look more like this example of an overgrown garden. The original intent of many applications tends to get bent, expanded or even lost as systems evolve. In some cases, the original beauty and architecture are lost in the complexity and the difficulty of managing the result.
When we think about application security, we are always looking for ways to make it a habit – something that people naturally think about and take care of. I’d even go so far as to say that tending our security garden needs to be a labor of love.
So what do we do? There are many layers to these examples that we can learn from:
Unfortunately, with software, outside of the development team, it is often difficult to tell whether the garden looks great and is well tended or if it is a bit of a mess…
That’s one of the key reasons Jemurai is built the way we are: around expert software developers who know good software. Only very strong developers can look at systems and help make them beautiful like the Japanese garden pictured above.