Conference:  Global AppSec San Francisco 2022

Authors: Or Sahar, Yariv Tal

2022-11-17

After many years of developing, mentoring developers, and security research we reach the conclusion that there is a profound failure in the way we teach secure code. Developers arrive at organizations after years of studying and then once in a while participate in secure code courses, sometimes only because of the regulation. In that way, developers arrive at the secure code course after they got used to bad habits, security-wise. It's difficult to change the way they code at that point. We want to change the situation and implement security awareness before their first line of code. We want that every StackOverflow author would write secure code in her/his tutorial. Let's talk about secure code from scratch!