What is a Security Champion?
Software users expect that the solution they choose to execute key business functions is continually assessed for security, among other attributes. One role within security-conscious organizations that helps proactively meet those expectations is that of Security Champion.
According to industry definitions, a software solution’s Security Champion program is a collaboration between high-performing individuals within development and security teams. “Within the Fortra GoAnywhere MFT team, we challenge our Security Champions to become both the best cybersecurity professionals and software engineers that they can be. Expertise in both fields is a requirement to properly perform the role,” said Joseph Burr, Senior Software Engineer, Development, Fortra.
Security Champions are professionals who already know the development team’s code bases and libraries well, so they are well positioned to address solution security within those parameters. At GoAnywhere, software engineers are tapped as Security Champions and meet regularly with other Champions across the organization to discuss issues around software security, as well as to proactively evaluate the file transfer solution for any potential security issues.
Role Security Champions Play for Fortra’s GoAnywhere MFT
The GoAnywhere MFT software engineering department has several Security Champions embedded to serve as the file transfer solution’s “first responders” or “voice” for any incidents or detected vulnerabilities. “We’re the first ones to see what a given issue is and check if any reported vulnerabilities are viable, as there are many false positives. We then respond to any confirmed vulnerabilities and as software engineers, deal with them,” said Matt Johnson, Software Engineer and Security Champion for Fortra’s GoAnywhere MFT file transfer solution.
Johnson added, “Our role is to help ensure the product is secure and to plug any potential, identified security holes. This addition to our ‘day jobs’ as software engineers is a bit of a crossover of both advising about security issues, coding, research, and of moving any issues up the chain to the product security team, which then creates any advisories needed.”
Customers Benefit from Dedicated Security Champions
Customers or end users benefit from the role of Security Champions. Unlike many free software options or open-source solutions such as Dropbox, Box, and JumpShare, GoAnywhere has dedicated, in-house personnel who continually look out for security issues, test the secure file transfer product, and, more importantly, have direct access to the internal security chain of command to address them.
“With any software that is continually being refined, there can be new attack vectors or exploitations, as well as Common Vulnerabilities and Exposures (CVEs) that we prioritize and address. As a team, we have the broad picture of all these things, both large and small, and can very efficiently address those higher-level issues,” said Johnson.
According to Alisa Morton, also a Software Engineer and Security Champion for GoAnywhere, internal security processes and the Security Champions program continue to evolve as cybersecurity and application security remain among the largest concerns and areas of focus for customers.
“As Security Champions, we are very involved in all stages of the development lifecycle. We continuously evaluate the solution through the use of penetration testing, scanning, manual code review, etc.,” said Morton. “We are also very hands on in reviewing any reported vulnerabilities to determine their applicability to GoAnywhere, working with other internal stakeholders to formulate a response to the issue, and then writing code to resolve any confirmed issue. As a result, our role is both proactive and reactive. Our goal is to always deliver the most secure solution to our end users.”
MFT Security Requires Constant Vigilance
“Software security can sometimes feel like a house of cards, with new cyberthreats around every corner. However, by maximizing the Security Champion role within the development and engineering team for GoAnywhere, we can keep an eye on those vulnerabilities, such as those that come from third-party libraries, which can percolate up the chain, as we are continually scanning our development to ensure it’s not vulnerable and can fix any bugs right away,” said Johnson.
GoAnywhere’s Security Champions Help Ensure Secure, Robust Solution
GoAnywhere MFT, a leading file transfer solution, benefits from a team of Security Champions who proactively test and analyze the security of the software to help make it a secure, efficient solution for organizations of any size. To see how secure and efficient the solution can be, schedule a live demonstration.