Checkmarx Launches Infrastructure as Code Scanning Solution to Secure Cloud-Native Applications: KICS

“It will never happen to me”- thoughts about security awareness

Today’s targeted cyber-attacks force organizations to act rapidly and involve more and more security professionals in order to secure their software. Security education awareness focuses on the need to involve developers in the security testing process. These are great blog posts surrounding security awareness and education; we thought it’s worth a share.

Security Awareness Training

By Bruce Schneier, March 27, 2013

Should companies spend money on security awareness training for their employees? It’s a contentious topic, with respected experts on both sides of the debate. I personally believe that training users in security is generally a waste of time, and that the money can be spent better elsewhere. Moreover, I believe that our industry’s focus on training serves to obscure greater failings in security design.

Continue reading


Developers and QA doing security testing: I’ve got management buy-in, now what?

By Dan Kornell, March 18, 2013

One of the things I do is answer questions as an “expert” for the web site and they recently posted an answer I gave to a question about how to get developers and quality assurance folks to do security testing. You can see my blog post about this here as well as the original question and answer here. After I posted this online, Aaron Weaver on Twitter asked a great question: “What else beside management buy-in?”

Continue reading



Jump to Category