I started this blog to talk about software security from a builder’s mindset. One of my professors once said, in the end, it’s really all about developing “good code”. I believe it. To achieve good code, teams have to get nearly everything right: requirements, designs, code, tests, configuration management, and so on. One thing is clear: security activities must be proactively carried out throughout the entire software development process — from start to finish.
While every activity is important, this blog focuses on the engineers who translate ideas and requirements into working systems. To have the slightest chance at being successful, these creative thinkers must do their work with security in mind. You’ll find that the majority of posts are about best practices for achieving secure designs and writing secure code.
–
I’m a software security consultant at Cigital working in the Washington, D.C. metropolitan area.