What is wrong with developer security training?
2021-11-02 06:30

What excites a security professional is not exciting for developers because, at the end of the day, a developer needs to build, not to break.

While it can be fun to find and exploit a security vulnerability, this should not be the goal of secure coding training.

This is the critical part that must be covered in developer security training.

Being able to find edge cases that could lead to a security bug and write security tests are advanced skills.

I have categorized the problems of ineffective developer security training into three groups: the builder vs. breaker mindset, treating security bugs like other bugs, and lack of focused practice.

If we want to create a secure software engineering culture, we should first make the connection between security and what developers like about programming.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/ydcuMTZa7mw/