Alexander Lystad - It doesn't take much to be above average - NDC Security 2022

Small software companies may have personal and sensitive data on millions of users and process millions of euros worth of transactions, but many have appaling application security. In this talk, I'll mention some of the common shortcomings we come across and what can be done to address them.

Based on analysis of hundreds of acquisition targets, vendors, customers and partners, it is clear that most small software companies are underinvesting in security to the detriment their future and customers. Based on our analysis, the danger zone seems to be 40 FTEs, 5 MEUR revenue. The good news is that major improvements in security can be made without the need for huge investments.

Check out more of our featured speakers and talks at
Be the first to comment