VeraTalks: Tackling Developer Security Training

Most AppSec programs forget that there is only one team that can fix security findings: the development team. While an AppSec strategy based on scanning will help you find flaws, the best approach also avoids creating flaws in the first place. Yet developers often don’t have the training they need to prevent, identify, or remediate code vulnerabilities. Very few university engineering programs include cybersecurity courses, and in a recent ESG survey of cybersecurity professionals, 35% of respondents reported that that less than half of their development teams are participating in formal security training. In addition, security teams often don't have the bandwidth or expertise to teach development teams themselves. At the same time, existing training solutions are lengthy, generic, often just plain boring, and produce lackluster results. How can organizations enable their development teams with the skills they need to code securely? Tune in to our next VeraTalk where Veracode's Director of Developer Relations Rey Bango will be digging into this developer security training conundrum. Don't miss this discussion based on his own experiences with secure coding and security training. He’ll cover: • The security skills and know-how developers need today • The types of security training that work • The role of security champions • How the security and development teams can work together to ensure code is create securely from the start