Incentivising developers to know the importance of security is all very well, but faced with normal life people forget quite quickly. So make sure you have a trickle of regular events and nudges to continuously remind the team.
Programmers use lots of components – chunks of software written by other people. These components frequently have security issues. So make sure you choose secure components, and keep all your components up to date.
Remote working used to be the exception rather than the rule. But now, like it or not, everyone is working from home. We all have to make the effort of learning to use video conferencing and sharing technology effectively. And that opens up wonderful opportunities.
Why should we do games and workshops rather than just telling developers what to do or teaching them ‘capture the flag’ skills? To answer that, consider that for many years, software security has naturally been dominated by ‘security experts’, specialists whose job is to seek out vulnerabilities in software and encourage developers to fix them. Such experts will tend to regard developers as lazy, since they are the ‘cause’ of the security vulnerabilities. So security experts will...