Posted on

What is SBOM and why should we care?

Feature image: "What is SBOM and why should we care?" with SafeStack mascot.


If you’ve heard the term SBOM floating around, you may have wondered what it is, where it comes from, and how it impacts you in your software development work. We’ll get into all of that, but let’s start with a definition.


Continue reading What is SBOM and why should we care?

Posted on

Hello, world! SafeStack launches parity pricing

Feature image: "Hello, world! SafeStack launches parity pricing" with SafeStack mascots


We often talk about everyone needing cyber security: from the largest governments to the smallest businesses. We include budgets for it at a national level, and we encourage people through frameworks and regulations. We urge software teams to consider cyber security early and often through every element of the products – building secure systems by design and default.


Continue reading Hello, world! SafeStack launches parity pricing

Posted on

Teaching good engineers to be bad people

Featured image with title: Teaching good engineers to be bad people. With SafeStack mascot.


You are a good person. You like to build things and solve problems. It’s not your fault. You also follow the rules. That’s not your fault either.

From our parents to our schooling, from our communities to the laws of the countries we live in – we are taught to behave from a very young age. While we are naturally inquisitive as children, we dial those behaviors down as we age. We remain curious and playful at our core, but we change our behavior in external situations, such as in the workplace, to fit the mold. And it doesn’t stop there.


Continue reading Teaching good engineers to be bad people

Posted on

Introducing new rituals into software development lifecycles

Featured image with title: Introducing new rituals into software development lifecycles. And SafeStack mascot.


It seems fitting that I’m writing this blog post in May. Early spring is the season for many exciting things, including some of the world’s most prominent developer and cyber security conferences. Whether you’re a leader in the engineering or security teams, we’re bombarded with new approaches and tools. Vendors are marketing to us, books are released, and conference talks feature throughout our news feeds.


Continue reading Introducing new rituals into software development lifecycles

Posted on

Behavior-Driven Development (BDD) goes rogue

"Behavior-Driven Development (BDD) goes rogue" title with SafeStack mascot.

Or “How to design software with evil villains in mind”

As software developers and development leaders, we strive to create software that’s not only functional but also secure. We work hard to identify potential cyber security risks and vulnerabilities and implement preventive measures. But despite our best efforts, some individuals will always seek to exploit any weaknesses in our software. That’s where the concept of cyber security personas comes in.


Continue reading Behavior-Driven Development (BDD) goes rogue

Posted on

The role of product management in cyber security

"The role of product management in cyber security" title with SafeStack mascot image

If there’s one thing that we’ve noticed during SafeStack’s adventures in secure development, it’s that we often spend a lot of time focusing on the roles that write the code. That’s great and super important  – you don’t get any software without a developer – but it’s certainly not the whole picture.


Continue reading The role of product management in cyber security

Posted on

Securing the bigger picture: Product security maturity

"Securing the bigger picture: Product security maturity" title with SafeStack mascot image

In this second post of two, we’re carrying on our discussion about how we can measure our security maturity. There are a couple of distinct approaches to this emerging: lifecycle security maturity, and product security maturity.


Continue reading Securing the bigger picture: Product security maturity

Posted on

Securing the bigger picture: Lifecycle security maturity

"Securing the bigger picture: Lifecycle security maturity" title with SafeStack mascot image

What came first: security built into your software development lifecycle or security built into the design and implementation of your code?

When we talk about application security, there are two distinct camps emerging — lifecycle security maturity and product security maturity.


Continue reading Securing the bigger picture: Lifecycle security maturity

Posted on

Security, the infinite game, and the pit of despair

"Security, the infinite game, and the pit of despair" title with SafeStack mascot image

Welcome to application security. Once you get started, you can’t help but see the problems with software all around you. 

So how do you avoid the pit of despair, burnout, and overwhelm?


Continue reading Security, the infinite game, and the pit of despair

Posted on

Leading indicators in application security

"Leading indicators in application security" title with SafeStack mascot image

If there’s one thing about cyber security marketing that irritates me, it’s the value claims.

I’m thinking of the measures that vendors place on products that are meant to validate the effectiveness or worth of this particular magic box. Whether it’s “stops 93% of vulnerabilities” or “reduces cyber attacks by 75%”, these numbers don’t help in any meaningful way.


Continue reading Leading indicators in application security