re: Four Security Principles That Software Developers Should Follow VIEW POST

VIEW FULL DISCUSSION

Great article Rob! I use the following mantra(s) when talking to technical teams about information security, I think they line up well with yours:

  • Know your threats (model them: cost it up for good & bad actors)
  • Know your controls (owasp.org/index.php/Category:Control)
  • Know your tools (language features, security checkers, monitoring tools)
  • Know you are wrong (incident response plans, gap analysis & learning)

I also talk about security frameworks such as Gartner's Adaptive Security Architecture (Predict, Prevent, Detect, Respond), breaking each of these terms down with examples of technologies or processes used. This helps make infosec less abstract, especially if I can include some war stories!

I like the "Know you are wrong" mantra, it can be applied to all levels of development. As soon as you think something is working it's most likely broken in some way... :)

code of conduct - report abuse