06 April 2021
I hate unnecessary security. Security in software is a bit like going to the dentist or having a vaccination. It's awful but you've got to have it. Much worse, though, is when it's awful and you really don't need it. For two years, I've been going around talking to groups of professional software programmers and asking them, using workshops, "what is the important security and privacy for your product?"
15 March 2021
Good code is what makes a software great. Whether you are a programmer or a software development team lead, you are probably well aware of the advantages of a well-executed code review. The benefits definitely outweigh the tediousness of this process as code reviews can create an environment and culture of feedback, collaboration, and innovation. Most team leaders find code reviews nerve-wracking, so let’s start off with the best practices for running code reviews.
08 February 2021
Yesterday my wife Julia asked me a simple question: how important do I think software security is in the world; how big is the problem to solve? Rather to her surprise, the question perplexed me, and I gradually explained that my job wasn’t solving the problem of software security. The ways to achieve software security are well-known. My role is helping companies and developers decide how much security they need, and how most effectively to get it. In fact, my job is to help companies answer...
04 January 2021
How can you easily add security and privacy to the software you set up? Almost every week we learn that yet another major company has detected a security breach with the loss of huge amount of individuals’ personal information. It is usually some time before we learn exactly how that happened; sometimes we never do! But it often turns out with such events that the root cause boils down to one thing: somebody built, installed or changed some software without thinking through the security and...
15 December 2020
Very few teams have a security expert readily available, so instead, have one member of a development team be the ‘security champion’, and support them learning and helping others in the team.
23 November 2020
Learn how to assess your security threats for both impact, and cost to mitigate.
03 November 2020
Incentivising developers to know the importance of security is all very well, but faced with normal life people forget quite quickly. So make sure you have a trickle of regular events and nudges to continuously remind the team.
12 October 2020
A great way to spot security problems is to have another developer or security expert review the code. Do it if you can.
24 August 2020
Programmers use lots of components – chunks of software written by other people. These components frequently have security issues. So make sure you choose secure components, and keep all your components are up to date.