13:40 - 14:40 (UTC+02)
Talk (60 min)
It doesn't take much to be above average: The critical shortcomings of small software companies
Small software companies may have personal and sensitive data on millions of users and process millions of euros' worth of transactions, but many have appalling application security. In this talk, I'll mention some of the common shortcomings we come across and what can be done to address them.
Based on analysis of hundreds of acquisition targets, vendors, customers and partners, it is clear that most small software companies are underinvesting in security to the detriment of their future and their customers. Based on our analysis, the danger zone seems to be <40 FTEs, <5 MEUR revenue. The good news is that major improvements in security can be made without the need for huge investments.