Ramirez is also appealing to tech startups to conduct threat assessments early on and in circumstances that will simulate how the application will function in the wild, effectively trying to hack their products before bringing them to market to ensure that the security features function as they were designed.
"Evaluate your product in scenarios that replicate how consumers will use it in the real world," Ramirez said. "Often there are financial incentives to rush to market, but make sure your security is ready before you launch."
Then, once the product is live, startups must remain vigilant about security issues as flaws are discovered and new threats emerge. Ramirez suggests that firms consider setting up a bug bounty program or designating a point person to serve as a liaison to the security community, someone researchers can contact when they discover a vulnerability.
"Bugs are inevitable," she said, "and when flaws are discovered, companies must have effective strategies for managing, addressing and learning from vulnerability reports."