Any tips on ingraining the fundamentals of secure software development in your company culture? How have you secured support and ensured best practices permeate through every level of your org?
Sort By:
Oldest
DIRECTOR OF SOFTWARE DEVELOPMENT7 months ago
I would encourage all developers to play Juice Shop from OWASP https://owasp.org/www-project-juice-shop/ it is both sobering and gamified. Then review OWASP top 10 with them as a basic level. Finally encourage pipeline automation for any automated checks like burp sweet and other similar tools to check on a staging environment automatically. This way security audits you pay for in the future are only uncovering hard to find items, make the auditors work for it :) CISO (CISO) in Healthcare and Biotech7 months ago
A proper development guideline that incorporates security checks is helpful. Automated checks of course help. See also ISO 27001 controls for software security.Head of Application Security4 months ago
As above + security champions in each team or area. However, it could be a challenge to get their time sometimes