It seems fitting that I’m writing this blog post in May. Early spring is the season for many exciting things, including some of the world’s most prominent developer and cyber security conferences. Whether you’re a leader in the engineering or security teams, we’re bombarded with new approaches and tools. Vendors are marketing to us, books are released, and conference talks feature throughout our news feeds.
Continue reading Introducing new rituals into software development lifecycles
Or “How to design software with evil villains in mind”
As software developers and development leaders, we strive to create software that’s not only functional but also secure. We work hard to identify potential cyber security risks and vulnerabilities and implement preventive measures. But despite our best efforts, some individuals will always seek to exploit any weaknesses in our software. That’s where the concept of cyber security personas comes in.
Continue reading Behavior-Driven Development (BDD) goes rogue
If there’s one thing that we’ve noticed during SafeStack’s adventures in secure development, it’s that we often spend a lot of time focusing on the roles that write the code. That’s great and super important – you don’t get any software without a developer – but it’s certainly not the whole picture.
Continue reading The role of product management in cyber security
In this second post of two, we’re carrying on our discussion about how we can measure our security maturity. There are a couple of distinct approaches to this emerging: lifecycle security maturity, and product security maturity.
Continue reading Securing the bigger picture: Product security maturity
What came first: security built into your software development lifecycle or security built into the design and implementation of your code?
When we talk about application security, there are two distinct camps emerging — lifecycle security maturity and product security maturity.
Continue reading Securing the bigger picture: Lifecycle security maturity
Welcome to application security. Once you get started, you can’t help but see the problems with software all around you.
So how do you avoid the pit of despair, burnout, and overwhelm?
Continue reading Security, the infinite game, and the pit of despair
If there’s one thing about cyber security marketing that irritates me, it’s the value claims.
I’m thinking of the measures that vendors place on products that are meant to validate the effectiveness or worth of this particular magic box. Whether it’s “stops 93% of vulnerabilities” or “reduces cyber attacks by 75%”, these numbers don’t help in any meaningful way.
Continue reading Leading indicators in application security
Software development friends: we need to talk. Our definition of high-quality software is broken, and it has been for a while. Most likely you knew this already, but we’ve all been busy and who has the time to make things more complex?
There’s a great opportunity here, but first we need to understand what’s not working and why.
Continue reading Should software security be part of quality?
It’s the start of the year again.
The decorations have been packed away, the team has returned from a well-deserved break, and we all share in the traditional New Year’s dream that this year will be quieter. The world never looks more hopeful than it does in January.
In the spirit of capitalizing on this short-lived optimism and starting 2023 with a renewed focus, I’m asking you to join me in making a change this year.
Continue reading Start where you are with software security
To say that 2022 has been a big year for SafeStack is to undersell it.
It’s been a year where — as a company — our values and our mission have shone. We’ve finally found peace with being a little different, and instead of fighting it, we’ve embraced it.
Continue reading SafeStack closes NZ $4 million funding round led by Blackbird