08 February 2021
Why I’m not teaching developers how to do security…
Yesterday my wife Julia asked me a simple question: how important do I think software security is in the world; how big is the problem to solve? Rather to her surprise, the question perplexed me, and I gradually explained that my job wasn’t solving the problem of software security. The ways to achieve software security are well-known. My role is helping companies and developers decide how much security they need, and how most effectively to get it. In fact, my job is to help companies answer...
04 January 2021
How to Choose Appropriate Security
How can you easily add security and privacy to the software you set up? Almost every week we learn that yet another major company has detected a security breach with the loss of a huge amount of individuals’ personal information. It is usually some time before we learn exactly how that happened; sometimes we never do! But it often turns out with such events that the root cause boils down to one thing: somebody built, installed or changed some software without thinking through the security and...
15 December 2020
Very few teams have a security expert readily available, so instead, have one member of a development team be the ‘security champion’, and support them learning and helping others in the team.
23 November 2020
Learn how to assess your security threats for both impact and cost to mitigate.
03 November 2020
Incentivising developers to know the importance of security is all very well, but faced with normal life people forget quite quickly. So make sure you have a trickle of regular events and nudges to continuously remind the team.
12 October 2020
A great way to spot security problems is to have another developer or security expert review the code. Do it if you can.
28 September 2020
These days security experts need to be very persuasive. Here's why.
24 August 2020
Programmers use lots of components – chunks of software written by other people. These components frequently have security issues. So make sure you choose secure components, and keep all your components up to date.
10 August 2020
Find out as a team what the threats really are for your project.
27 July 2020
There’s a widely used approach to using external people to improve your software security. It’s called ‘Penetration Testing’. Discover how it works...

