Category: Secure Development

Posted on by

Behavior-Driven Development (BDD) goes rogue

"Behavior-Driven Development (BDD) goes rogue" title with SafeStack mascot.

Or “How to design software with evil villains in mind”

As software developers and development leaders, we strive to create software that’s not only functional but also secure. We work hard to identify potential cyber security risks and vulnerabilities and implement preventive measures. But despite our best efforts, some individuals will always seek to exploit any weaknesses in our software. That’s where the concept of cyber security personas comes in.

Continue reading Behavior-Driven Development (BDD) goes rogue

Posted on by

The role of product management in cyber security

"The role of product management in cyber security" title with SafeStack mascot image

If there’s one thing that we’ve noticed during SafeStack’s adventures in secure development, it’s that we often spend a lot of time focusing on the roles that write the code. That’s great and super important  – you don’t get any software without a developer – but it’s certainly not the whole picture.

Continue reading The role of product management in cyber security

Posted on by

Securing the bigger picture: Product security maturity

"Securing the bigger picture: Product security maturity" title with SafeStack mascot image

In this second post of two, we’re carrying on our discussion about how we can measure our security maturity. There are a couple of distinct approaches to this emerging: lifecycle security maturity, and product security maturity.

Continue reading Securing the bigger picture: Product security maturity

Posted on by

Securing the bigger picture: Lifecycle security maturity

"Securing the bigger picture: Lifecycle security maturity" title with SafeStack mascot image

What came first: security built into your software development lifecycle or security built into the design and implementation of your code?

When we talk about application security, there are two distinct camps emerging — lifecycle security maturity and product security maturity.

Continue reading Securing the bigger picture: Lifecycle security maturity

Posted on by

Take control of your cyber security training with SafeStack Learning Paths

Visual of learner's view of SafeStack Learning Paths

Every team’s cyber security training journey is unique, and we’re excited to share a new feature that helps you tailor yours to fit just right.

Continue reading Take control of your cyber security training with SafeStack Learning Paths

Posted on by

Security, the infinite game, and the pit of despair

"Security, the infinite game, and the pit of despair" title with SafeStack mascot image

Welcome to application security. Once you get started, you can’t help but see the problems with software all around you. 

So how do you avoid the pit of despair, burnout, and overwhelm?

Continue reading Security, the infinite game, and the pit of despair

Posted on by

Leading indicators in application security

"Leading indicators in application security" title with SafeStack mascot image

If there’s one thing about cyber security marketing that irritates me, it’s the value claims.

I’m thinking of the measures that vendors place on products that are meant to validate the effectiveness or worth of this particular magic box. Whether it’s “stops 93% of vulnerabilities” or “reduces cyber attacks by 75%”, these numbers don’t help in any meaningful way.

Continue reading Leading indicators in application security

Posted on by

Should software security be part of quality?

"Should software security be part of quality?" title with SafeStack mascot image

Software development friends: we need to talk. Our definition of high-quality software is broken, and it has been for a while. Most likely you knew this already, but we’ve all been busy and who has the time to make things more complex?

There’s a great opportunity here, but first we need to understand what’s not working and why.

Continue reading Should software security be part of quality?

Posted on by

Start where you are with software security

"Start where you are with software security" title with SafeStack mascot image

It’s the start of the year again. 

The decorations have been packed away, the team has returned from a well-deserved break, and we all share in the traditional New Year’s dream that this year will be quieter. The world never looks more hopeful than it does in January.

In the spirit of capitalizing on this short-lived optimism and starting 2023 with a renewed focus, I’m asking you to join me in making a change this year.

Continue reading Start where you are with software security

Posted on by

Introducing SafeStack’s Student Sponsorship program for secure development

SafeStack mascot Riley mapping bugs on purple background

There’s a well-accepted truth in application security: the earlier in the software development process you consider cyber security, the more influence you can have on addressing any issues found. I believe the same to be true for when we give our engineering teams access to secure development education.

Continue reading Introducing SafeStack’s Student Sponsorship program for secure development