Why developers dislike security—and what you can do about it
This post was written by Chris Romeo during his tenure at Security Journey. This article originally appeared on TechBeacon.com on May 18, 2021. You can access it here.
Security Journey Blog
Here you’ll find the latest news, information, and trends in application security and compliance, plus tips and strategies for writing safer code and building a security culture.
Stay Up-to-Date on all Security Journey news and events.
Featured Articles
Developer-Tailored Secure Code Training: A New Approach from Security Journey
Security training for developers has traditionally been a one-size-fits-all experience—generic, compliance-driven, and...
New Content for Your Most Pressing & Emerging Vulnerabilities: AI/LLM & CWE Top 25
At Security Journey, we continuously evolve our training content to help organizations stay ahead of the most pressing...
What Are Bug Bounty Programs, And Why Are They Becoming So Popular?
Some organizations run bug bounty programs as a way to identify and fix vulnerabilities within their production applications. A bug bounty program gives ethical hackers permission to test if an...
How Secure Coding Training Fits Into The Shift Left Movement
In the past, security was not seen as a priority during the development process. Often, developers would only perform vulnerability scans and security audits as part of the testing phase of the...
Top 4 Ways To Increase Completion Rates for Secure Coding Training
It’s indisputable: Secure Coding Training is effective in reducing vulnerabilities in code. That’s why more and more companies are turning to this training to help speed up software deployment and...
Announcing our Secure Coding Training Guide
We’ve talked to hundreds of secure coding training administrators over the years, and we’ve seen many approaches to setting up and deploying a secure coding training program. We’ve seen what works...
Applying Learning Science Principles to Secure Code Training
Everyone knows the old adage: You can lead a horse to water but you can’t make it drink, and this is certainly applicable when it comes to self-directed learning through computer-based training...
AWS Security: Why you should use IAM roles for access control
Nobody appreciates the words "best practice," especially when they have no idea why it is or who said it. The phrase has encroached on the territory formerly occupied by the adage "in my humble...
How Offensive Training Improves Defensive-Only Approaches in Secure Coding Training
Chess is an oft-used analogy for cybersecurity because there are many similarities between the two. At their core, they are games of strategy which pit two adversaries against each other in a bid to...
How to Put the Threat Modeling Manifesto Into Action
If you have not yet seen the Threat Modeling Manifesto, you’re missing out.
Supply Chain Insecurity: Keep Your Eyes on the Road with Ruby on Rails
This article was originally appeared on TechBeacon.com on April 26, 2021. You can access it here.
Gender Diversity Considerations in Training: Avoiding Unintended Biases
When deciding which secure coding training program is right for you and your team, it’s important to choose a program that won’t unintentionally alienate certain groups. In 2021, it’s common...
Application Security and the Zen of Python
What shall we make of the Zen of Python? Is it the epos of the language? A philosophy of computing? There are those days when one wonders whether the Python language itself is an elaborate prank...