08 February 2021
Yesterday my wife Julia asked me a simple question: how important do I think software security is in the world; how big is the problem to solve? Rather to her surprise, the question perplexed me, and I gradually explained that my job wasn’t solving the problem of software security. The ways to achieve software security are well-known. My role is helping companies and developers decide how much security they need, and how most effectively to get it. In fact, my job is to help companies answer...
04 January 2021
How can you easily add security and privacy to the software you set up? Almost every week we learn that yet another major company has detected a security breach with the loss of huge amount of individuals’ personal information. It is usually some time before we learn exactly how that happened; sometimes we never do! But it often turns out with such events that the root cause boils down to one thing: somebody built, installed or changed some software without thinking through the security and...
15 December 2020
Very few teams have a security expert readily available, so instead, have one member of a development team be the ‘security champion’, and support them learning and helping others in the team.
23 November 2020
Learn how to assess your security threats for both impact, and cost to mitigate.
03 November 2020
Incentivising developers to know the importance of security is all very well, but faced with normal life people forget quite quickly. So make sure you have a trickle of regular events and nudges to continuously remind the team.
12 October 2020
A great way to spot security problems is to have another developer or security expert review the code. Do it if you can.
24 August 2020
Programmers use lots of components – chunks of software written by other people. These components frequently have security issues. So make sure you choose secure components, and keep all your components are up to date.
27 July 2020
There’s a widely used, approach to using external people to improve your software security. It’s called ‘Penetration Testing’. Discover how it works...