Any tips on ingraining the fundamentals of secure software development in your company culture? How have you secured support and ensured best practices permeate through every level of your org?

2.1k views3 Comments

Sort by:

Head of Application Securitya year ago

As above + security champions in each team or area. However, it could be a challenge to get their time sometimes

CISO (CISO) in Healthcare and Biotecha year ago

A proper development guideline that incorporates security checks is helpful. Automated checks of course help. See also ISO 27001 controls for software security.

DIRECTOR OF SOFTWARE DEVELOPMENTa year ago

I would encourage all developers to play Juice Shop from OWASP https://owasp.org/www-project-juice-shop/ it is both sobering and gamified. Then review OWASP top 10 with them as a basic level. Finally encourage pipeline automation for any automated checks like burp sweet and other similar tools to check on a staging environment automatically. This way security audits you pay for in the future are only uncovering hard to find items, make the auditors work for it :)

Content you might like

Thoughts on self-healing applications? Any approaches or tools that look promising to you?

Does someone have advice on how they have balanced the risk/reward as it relates to introducing Open-Source Software to organization? My org is dipping its toe into the OSS world and the architecture and risk governance teams are looking to get ahead of these requests by coming up with policies and standards for OSS technology being brought into our environment. To clarify, this is not for software development and CI/CD pipelines, SDLC etc. This is for installing solutions that already exist out there (Zabbix, GreyLog, Prometheus etc.) into the organization's environment. We are looking to provide a balance on the obvious risk with the ability to move fast (like everyone else now).

What are the biggest technical challenges preventing organizations from being able to use their existing data to enable digital transformation?

Finding data and putting it to good use13%

Controlling the security and privacy of data45%

Understanding how data is currently being used20%

All of the above19%

None of the above1%

View Results

How concerned are you about burnout in your department? Is burnout a problem in your industry?

As technology leaders, where are you seeing the most challenges or gaps?

Executive Support10%

Projects vs. Operations68%

Building a culture of Security15%

Team Completeness5%

View Results

Any tips on ingraining the fundamentals of secure software development in your company culture? How have you secured support and ensured best practices permeate through every level of your org?

Sort by:

Content you might like

Thoughts on self-healing applications? Any approaches or tools that look promising to you?

What are the biggest technical challenges preventing organizations from being able to use their existing data to enable digital transformation?

How concerned are you about burnout in your department? Is burnout a problem in your industry?

As technology leaders, where are you seeing the most challenges or gaps?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

CrowdStrike Outage: Impact And Recovery

2024 Software Engineering Priorities and Challenges

Improving Software Developer Experience

Current State of Software Developer Experience

Emerging Software Security Risks: How Are Tech Leaders Preparing for 2024?

Take Your Insights On-the-Go