"Avoid custom security solutions whenever possible - they often lead to vulnerabilities." - Eoin Woods

In this episode I talk with Eoin Woods about integrating security from the start of software development. Eoin, an expert in software architecture, explains why security often gets overlooked until the last minute. We explore why engineers find security daunting and discuss making it a standard part of development. Eoin shares design principles like defense in depth and cautions against custom security solutions.

Eoin Woods is an independent consultant in the fields of software architecture, green software and software engineering. He is formerly the CTO of Endava, where he was responsible for software engineering and capability development for over 10,000 delivery staff across the world. Prior to Endava he has developed databases, created security software and designed way too many systems to move money around. Outside his day job he is interested in software architecture, software security and sustainable (or "green") software. He is a regular conference speaker, has co-authored three books on software architecture and was the recipient of the 2018 Linda Northrup Award for Software Architecture, from the Software Engineering Institute at CMU

Highlights:

• Security should be integrated from the start of software development.
• Engineers often find security overwhelming and ignore it until too late.
• Design principles like defense in depth simplify security.
• Avoiding custom security solutions is crucial.
• Open and closed source tools each have benefits and challenges.