
“Many developers lack the essential knowledge and skills to effectively implement secure software development”

Added at 08/08/2024 by Frank Hissen

Online security courses and more time for security in software development projects are one step in the right direction. Security has to be implemented from the beginning. Project managers have to provide enough development time for non-functional features or make security a functional feature.


Security evangelist Bruce Schneier recently referenced on his blog an article by the Linux Foundation on “Education in Secure Software Development”. The most striking quote is “many developers lack the essential knowledge and skills to effectively implement secure software development”.

In my more than 20 years of experience in the area of secure software development and cryptography, I have participated in many projects at companies of all sizes. My experience is that time pressure is one of the most common issues that repeats itself from project to project. And what happens when your project runs out of time? You drop requirements and features. Security, most of the time, is not a core feature. That is in stark contrast to the fact that:

Tool-based security examinations, ideally integrated into the development environment itself, can greatly improve the security of custom-made software and, hence, make its development much easier and more cost-effective. In the worst case, developers get blamed for security issues they never had any chance of mitigating.

However, in times of nearshore / offshore software development, AI-generated code and highly complex development frameworks, one cannot emphasize enough how important security education is. The famous Bruce Schneier quote “complexity is the worst enemy of security” is over 20 years old, and software complexity has increased exponentially since then.

This is also why I have been offering security courses for over 20 years – for project managers and developers alike. Project managers need a basic understanding of what has to be done when it comes to security, and developers have to learn to implement it. Courses that I offer are:

So across the whole spectrum, from general and project managers through developers to general employees from every department, everybody can profit from more security awareness. My courses are very pragmatic, based on my personal project experience. Of course, there are many more opportunities to learn; look at the OWASP initiative, for instance!
