Panel Discussion

Climate vs. Weather: How Do We Sustainably Make Software More Secure?

Unlike civil engineering, software often lacks rigorous safety standards. Learn how to build a security climate, not just react to security weather.

#1 about 4 minutes

The conflict between initial velocity and long-term quality

Business pressures like deadlines and budgets often prioritize rapid proof-of-concept development over establishing sustainable software quality and security from the start.

#2 about 4 minutes

Addressing the security education gap for developers

Integrating a secure system development lifecycle (SDLC) into university and bootcamp curricula is crucial for changing the industry's culture and embedding security from the ground up.

#3 about 6 minutes

Why development teams need multidisciplinary specialists

Instead of expecting every developer to master security, performance, and usability, teams should adopt a model with specialists like security champions.

#4 about 5 minutes

Expanding security awareness beyond the development team

Creating a robust security culture requires educating everyone from young people on data privacy to management on IT fundamentals, reinforced by practices like phishing simulations.

#5 about 4 minutes

Exploring the need for regulation in software development

The panel discusses whether software engineering needs formal regulations, similar to civil engineering, to improve safety and why the intangible nature of data breaches makes this challenging.

#6 about 8 minutes

How to begin implementing security in a new project

Security should start with requirements and design, using accessible techniques like simplified threat modeling and attack trees to identify potential risks early in the development lifecycle.

#7 about 11 minutes

Using security tooling effectively without slowing developers

Effective tooling involves a mix of static analysis (SAST), red team tools, and unit tests, but success depends on managing false positives and matching the tool's rigor to the application's risk profile.

#8 about 6 minutes

Panelists share their wishes for a more secure future

Panelists wish for improvements ranging from better communication and fewer dependencies to a perfect body of security knowledge and smarter IDE integrations.

#9 about 4 minutes

What panelists love about working in cybersecurity

The panelists conclude by sharing their passion for the field, highlighting the noble goal of protecting people, the constant learning, and collaborative problem-solving.
