12 August 2019
Sabesp is a company that provides water and waste collection services in the state of São Paulo. Sabesp’s services reach 27.7 million people with water supply and more than 21.4 million people with sewage collection.
Diagnose security and application development issues with a monthly volume of over 30 million lines.
Nalbatech started the culture of secure development and code quality at Sabesp in 2014 with the implementation of BugScout. The applied solution submits proprietary and third-party systems to source code analysis for vulnerability detection; teams gained productivity after applications went through targeted fixes.
The solution provides an automated DevOps pipeline with automated vulnerability analysis and quality analysis of source code, delivering complete results for correcting the findings.
“The work is done by sampling to reduce time and investment, and later throughout the application. Suppliers are informed of the tests even before hiring and then advised to make the necessary corrections. Analysis of all application source code follows the pattern of use of these systems within the company”, explains Daniel Bocalão, Sabesp’s connectivity and information security department manager.
There are over 200 applications analyzed, a monthly volume of over 30 million lines.
“The most common flaws found in third-party applications are related to sensitive information exposure, weak encryption, breach of trust limits, basic source code errors, and more. There is rarely any application on the market without finding a fault”, reveals the executive.
“We noticed a very large increase in productivity after applications went through BugScout-oriented fixes,” says Bocalão.
What do our customers say?
“With Nalbatech’s managed application security services we increase the efficiency of our work, enabling us to meet the company’s Information Security Master Plan,” said Daniel Bocalão, Sabesp’s Connectivity and Information Security Department Manager.
The executive also reports changes in the procedures for internal development and for acquiring software on the market: a new item was added to the edicts, stating that any contracted solution will have to go through BugScout.
“It has also moved the software industry, no matter if the vendor has its recognized quality or not. He will also go through this. In the end, we realize this whole process is good for Sabesp and for the manufacturer, who can improve their products for the market”, he details.