Tackling Developer Security Training
Most AppSec programs forget that there is only one team that can fix security flaws: the development team. While an AppSec strategy based on scanning will help you find flaws, the best approach avoids creating flaws in the first place. Yet developers often don’t have the training they need to prevent, identify or remediate code vulnerabilities. Very few university engineering programs include cybersecurity courses, and in a recent ESG survey of cybersecurity professionals, 35% of respondents reported that less than half of their development teams are participating in formal security training.
In addition, security teams often don't have the bandwidth or expertise to teach development teams themselves. At the same time, existing training solutions are lengthy, generic, often just plain boring and produce lackluster results. How can organizations enable their development teams with the skills they need to code securely?
Tune in to this discussion with Veracode's director of developer relations Rey Bango to dig deeper into the developer security training conundrum. You’ll walk away with a better understanding of:
• The security skills and know-how developers need today
• The types of security training that are most effective.
• The role of security champions
• How the security and development teams can work together to ensure code is created securely from the start