Sabesp is a company that provides water and waste collection services in the State of São Paulo. Sabesp's services reach 27.7 million people with water supply and more than 21.4 million people with sewage collection.
Diagnose security and development problems in applications, with a monthly volume of more than 30 million lines.
Nalbatech introduced a culture of secure development and code quality at Sabesp in 2014 with the implementation of BugScout. The solution submits in-house and third-party systems to source code analysis to detect vulnerabilities; teams gained productivity after applications went through targeted corrections.
The solution automates the DevOps pipeline and the analysis of source code for vulnerabilities and quality, delivering complete results for correcting the findings.
“The work is done by sampling, to reduce time and investment, and later on throughout the application. Suppliers are informed about the tests even before hiring and are then instructed to make the necessary corrections. The analysis of the entire source code of the application follows the pattern of use of these systems within the company”, explains Daniel Bocalão, manager of the connectivity and information security department at Sabesp.
More than 200 applications were analyzed, a monthly volume of more than 30 million lines.
“The most common flaws in third-party applications are related to the exposure of sensitive information, weak encryption, breach of trust limits, basic errors in the source code, among others. There is rarely any application on the market without finding a fault”, reveals the executive.
"We noticed a very big increase in productivity after the applications went through the corrections guided by BugScout", says Bocalão.
What do our customers tell us?
“With Nalbatech's managed services for application security, we increase the efficiency of our work, which allows us to comply with the company's Information Security Master Plan”, says Daniel Bocalão, manager of the connectivity and information security department at Sabesp.
The executive also reports changes in procedures related to internal development and the acquisition of software in the market, with a new item being added to the notices stating that any contracted solution will have to pass through BugScout.
“This also affected the software industry, whether the supplier is recognized for its quality or not. He will also go through this. In the end, we realized that this whole process is good for Sabesp and the manufacturer, who can improve their products for the market”, he details.