
If you’ve heard the term SBOM floating around, you may have wondered what it is, where it comes from, and how it impacts you in your software development work. We’ll get into all of that, but let’s start with a definition.
We often talk about everyone needing cyber security: from the largest governments to the smallest businesses. We include budgets for it at a national level, and we encourage people through frameworks and regulations. We urge software teams to consider cyber security early and often through every element of the products – building secure systems by design and default.
Continue reading Hello, world! SafeStack launches parity pricing
You are a good person. You like to build things and solve problems. It’s not your fault. You also follow the rules. That’s not your fault either.
From our parents to our schooling, from our communities to the laws of the countries we live in – we are taught to behave from a very young age. While we are naturally inquisitive as children, we dial those behaviors down as we age. We remain curious and playful at our core, but we change our behavior in external situations, such as in the workplace, to fit the mold. And it doesn’t stop there.
It seems fitting that I’m writing this blog post in May. Early spring is the season for many exciting things, including some of the world’s most prominent developer and cyber security conferences. Whether you’re a leader in the engineering or security teams, we’re bombarded with new approaches and tools. Vendors are marketing to us, books are released, and conference talks feature throughout our news feeds.
Continue reading Introducing new rituals into software development lifecycles
Or “How to design software with evil villains in mind”
As software developers and development leaders, we strive to create software that’s not only functional but also secure. We work hard to identify potential cyber security risks and vulnerabilities and implement preventive measures. But despite our best efforts, some individuals will always seek to exploit any weaknesses in our software. That’s where the concept of cyber security personas comes in.
Continue reading Behavior-Driven Development (BDD) goes rogue
If there’s one thing that we’ve noticed during SafeStack’s adventures in secure development, it’s that we often spend a lot of time focusing on the roles that write the code. That’s great and super important – you don’t get any software without a developer – but it’s certainly not the whole picture.
Continue reading The role of product management in cyber security
In this second post of two, we’re carrying on our discussion about how we can measure our security maturity. There are a couple of distinct approaches to this emerging: lifecycle security maturity, and product security maturity.
Continue reading Securing the bigger picture: Product security maturity
What came first: security built into your software development lifecycle or security built into the design and implementation of your code?
When we talk about application security, there are two distinct camps emerging — lifecycle security maturity and product security maturity.
Continue reading Securing the bigger picture: Lifecycle security maturity
Welcome to application security. Once you get started, you can’t help but see the problems with software all around you.
So how do you avoid the pit of despair, burnout, and overwhelm?
Continue reading Security, the infinite game, and the pit of despair
If there’s one thing about cyber security marketing that irritates me, it’s the value claims.
I’m thinking of the measures that vendors place on products that are meant to validate the effectiveness or worth of this particular magic box. Whether it’s “stops 93% of vulnerabilities” or “reduces cyber attacks by 75%”, these numbers don’t help in any meaningful way.