Positive Security Culture in Software Development

A positive security culture matters more than ever as business applications and the threats against them grow in complexity. But what does this mean in practice? Here are some indicators for a product-oriented development organization that I find helpful: Update: In a previous version of this post, I called the fourth indicator …

Implementing Smart Security Gates in Modern Software Development

Modern software development places a strong emphasis on speed and productivity. At first glance, this may appear to contradict a mechanism like a security gate, which by definition interrupts the process. That is why many seem to …

Secure Software Lifecycle Management (SSLM)

The concept of integrating security into the software development process is not new. While I cannot definitively assert that Microsoft was the pioneer of this concept, the Security Development Lifecycle (SDL) published by Microsoft in 2002 undoubtedly laid the foundation for what is now commonly known as a Secure Software Development Lifecycle (Secure SDLC or …

Agile Security & DevSecOps Touch Points

Agile software development has received more and more attention over the last couple of years. Not only internet startups and media agencies but also large companies from conservative business lines such as automotive, banking, insurance, and the public sector are increasingly adjusting to the agile world. Since those companies are often already very much …