Any tips on ingraining the fundamentals of secure software development in your company culture? How have you secured support and ensured best practices permeate through every level of your org?

Head of Application Security, 2 years ago

As above + security champions in each team or area. However, it could be a challenge to get their time sometimes.

CISO (CISO) in Healthcare and Biotech, 2 years ago

A proper development guideline that incorporates security checks is helpful. Automated checks of course help. See also ISO 27001 controls for software security.

Director of Software Development, 2 years ago

I would encourage all developers to play Juice Shop from OWASP (https://owasp.org/www-project-juice-shop/); it is both sobering and gamified. Then review the OWASP Top 10 with them as a basic level. Finally, encourage pipeline automation for any automated checks like Burp Suite and other similar tools to check a staging environment automatically. This way, the security audits you pay for in the future only uncover hard-to-find items; make the auditors work for it :)
