Cybercriminals are training their sights on developers, and this is raising alarm bells in the global security community.

It’s a concern because one recent survey by GitLab Inc.found deficiencies in a developer’s ability to spot security holes for the code they create.

“Unfortunately, what we expect is for the attackers to move to developers, move to the development pipeline, injecting code not at runtime, but earlier in the lifecycle,” said Bill McGee (pictured), senior vice president and general manager of hybrid cloud security at Trend Micro Inc. “We’ve seen evidence of container images up on Docker Hub getting infected and developers just pulling in without thinking about it. We need to move some our security technology to the development pipeline to help customers defend themselves.”

McGee spoke with John Furrier (@furrier) and Stu Miniman (@stu), co-hosts of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the AWS re:Invent event. They discussed the recent launch of a new service to improve application development security and enterprise responsibility for protecting workloads in the cloud. (* Disclosure below.)

Helping developers manage risk

Trend Micro is moving some of its own technology in the development direction through the launch of its Cloud One service last month. The security platform allows developers to build applications while managing organizational risk.

“It cuts across about 70 services right now and gives you visibility of potential security configuration errors that you have in your environment,” McGee said. “If it’s in production, that is a big deal.”

Potential vulnerabilities created by developers are part of the ongoing discussion around cloud and the platform’s security. As the cloud model has evolved, dialogue has shifted from blanket acceptance of security to one of shared responsibility.

“Initially, I would say there was what I would call a naive perception that the cloud was magic and it was perfectly secure,” McGee said. “Amazon did the industry a real favor by establishing the shared responsibility model and making it crystal clear what they’ve got covered that you don’t need to worry about anymore as a customer and then the capabilities you still need to worry about.”

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the AWS re:Invent event. (* Disclosure: Trend Micro Inc. sponsored this segment of theCUBE. Neither Trend Micro nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE