Category: Software Security

Posted on by

SafeStack’s Pro Plan: A new way for individuals to upskill in secure development

SafeStack mascots sitting on shield with dark purple background with title


Hey there, coders, testers, analysts, and software architects — we’ve got something new, just for you.

For the past few years, we’ve made secure development training accessible for more than 5,000 learners and nearly 1,500 organizations worldwide.

Today, we’re so happy to launch our Pro Plan — a new tier of access within SafeStack that’s designed for solo learners who want to level up their secure development skills and earn verified credentials, all with the support of our community.

Continue reading SafeStack’s Pro Plan: A new way for individuals to upskill in secure development

Posted on by

Introducing new rituals into software development lifecycles

Featured image with title: Introducing new rituals into software development lifecycles. And SafeStack mascot.


It seems fitting that I’m writing this blog post in May. Early spring is the season for many exciting things, including some of the world’s most prominent developer and cyber security conferences. Whether you’re a leader in the engineering or security teams, we’re bombarded with new approaches and tools. Vendors are marketing to us, books are released, and conference talks feature throughout our news feeds.

Continue reading Introducing new rituals into software development lifecycles

Posted on by

How ChatGPT impacts cyber security and how to get your team safely started with it 

"How ChatGPT impacts security and how to get your team safely started with it" title with SafeStack mascot.


You’re hiring for a new engineering role within your team. Great. You’ve made a shortlist, interviewed a bunch of people, and sent them a coding exercise they need to complete and submit. Now let’s add ChatGPT into the mix. How can we be sure that the code we receive from prospective hires is actually written by them? We can’t. Unless someone writes the code in front of us, there’s no way of knowing.

Continue reading How ChatGPT impacts cyber security and how to get your team safely started with it 

Posted on by

Behavior-Driven Development (BDD) goes rogue

"Behavior-Driven Development (BDD) goes rogue" title with SafeStack mascot.

Or “How to design software with evil villains in mind”

As software developers and development leaders, we strive to create software that’s not only functional but also secure. We work hard to identify potential cyber security risks and vulnerabilities and implement preventive measures. But despite our best efforts, some individuals will always seek to exploit any weaknesses in our software. That’s where the concept of cyber security personas comes in.

Continue reading Behavior-Driven Development (BDD) goes rogue

Posted on by

The role of product management in cyber security

"The role of product management in cyber security" title with SafeStack mascot image

If there’s one thing that we’ve noticed during SafeStack’s adventures in secure development, it’s that we often spend a lot of time focusing on the roles that write the code. That’s great and super important  – you don’t get any software without a developer – but it’s certainly not the whole picture.

Continue reading The role of product management in cyber security

Posted on by

Securing the bigger picture: Product security maturity

"Securing the bigger picture: Product security maturity" title with SafeStack mascot image

In this second post of two, we’re carrying on our discussion about how we can measure our security maturity. There are a couple of distinct approaches to this emerging: lifecycle security maturity, and product security maturity.

Continue reading Securing the bigger picture: Product security maturity

Posted on by

Securing the bigger picture: Lifecycle security maturity

"Securing the bigger picture: Lifecycle security maturity" title with SafeStack mascot image

What came first: security built into your software development lifecycle or security built into the design and implementation of your code?

When we talk about application security, there are two distinct camps emerging — lifecycle security maturity and product security maturity.

Continue reading Securing the bigger picture: Lifecycle security maturity

Posted on by

Take control of your cyber security training with SafeStack Learning Paths

Visual of learner's view of SafeStack Learning Paths

Every team’s cyber security training journey is unique, and we’re excited to share a new feature that helps you tailor yours to fit just right.

Continue reading Take control of your cyber security training with SafeStack Learning Paths

Posted on by

Security, the infinite game, and the pit of despair

"Security, the infinite game, and the pit of despair" title with SafeStack mascot image

Welcome to application security. Once you get started, you can’t help but see the problems with software all around you. 

So how do you avoid the pit of despair, burnout, and overwhelm?

Continue reading Security, the infinite game, and the pit of despair

Posted on by

Leading indicators in application security

"Leading indicators in application security" title with SafeStack mascot image

If there’s one thing about cyber security marketing that irritates me, it’s the value claims.

I’m thinking of the measures that vendors place on products that are meant to validate the effectiveness or worth of this particular magic box. Whether it’s “stops 93% of vulnerabilities” or “reduces cyber attacks by 75%”, these numbers don’t help in any meaningful way.

Continue reading Leading indicators in application security