Lessons learned through 15 years of SDL at work

In short? Security Development Lifecycle is all about the developers...

Software products aren’t cookies

Understanding the security of third-party components.

Conway's Law: does your organization’s structure make software security even harder?

Why secure development programs succeed in organizations.

Getting to the root (cause) of the problem

The security response process is a natural source of feedback for any software security program.

(Managing) risky business

How to ensure sound and conflict-free risk management decisions – and usually deliver secure code.

Software development teams: please don't think like a hacker!

Figuring out what to tell the developers to do is not as easy as telling them to write secure code.

Creating a secure development culture

Focusing on culture might be the most important thing an organization can do when developing secure software.
