Any tips on ingraining the fundamentals of secure software development in your company culture? How have you secured support and ensured best practices permeate through every level of your org?
Sort by:
CISO (CISO) in Healthcare and Biotecha year ago
A proper development guideline that incorporates security checks is helpful. Automated checks of course help. See also ISO 27001 controls for software security.
DIRECTOR OF SOFTWARE DEVELOPMENTa year ago
I would encourage all developers to play Juice Shop from OWASP https://owasp.org/www-project-juice-shop/ it is both sobering and gamified. Then review OWASP top 10 with them as a basic level. Finally encourage pipeline automation for any automated checks like burp sweet and other similar tools to check on a staging environment automatically. This way security audits you pay for in the future are only uncovering hard to find items, make the auditors work for it :)
As above + security champions in each team or area. However, it could be a challenge to get their time sometimes