Kamer van Koophandel Sets the Standard for Developer-Driven Security at Scale
Key Takeaways
Kamer van Koophandel (KVK) has built a modern, developer-first security program that stands out as a model for the industry. In partnership with Secure Code Warrior, KVK has embedded secure coding practices into everyday development workflows, established a structured certification program embraced across the organization, and achieved measurable risk reduction that demonstrates the power of a proactive, developer-driven approach to security. Highlights include:
"We already had a strong security foundation, but we wanted to take it further and make security second nature for every developer. That’s why we partnered with Secure Code Warrior and made education the cornerstone of our strategy, equipping our teams to build secure software with confidence from the start."
– Sebastiaan Rijnbout, Product Owner of Development Services
The challenge
Creating a Developer-First Security Mindset
KVK, the Netherlands Chamber of Commerce, plays a pivotal role in supporting entrepreneurs across the Netherlands. As the official body responsible for registering businesses, legal entities, and organizations engaged in economic activities, KVK fosters transparency and strengthens the integrity of the business ecosystem. Beyond registration, KVK provides valuable information and advice on key entrepreneurial topics, from legal and regulatory guidance to insights on financing, current developments, and cybersecurity. By offering reliable data and collaborating with both national and regional economic stakeholders, KVK helps create a secure and well-informed environment for entrepreneurs to thrive in. When KVK began its journey to further enhance application security, it had established foundational security measures in place, including penetration testing. While these measures provided valuable insights, KVK saw an opportunity to scale security earlier in the development lifecycle and empower developers to take ownership of risk reduction.
In 2022, KVK selected Secure Code Warrior and launched its first secure coding training initiative with a developer-focused approach. What began as a grassroots effort to engage developers, quickly evolved into a cross-functional program backed by leadership and the CISO office, transforming secure development from an aspiration into an organizational standard.
The solution
Building a Culture, Not Just a Program
With sponsorship from the CISO, KVK’s Secure Software Development Lifecycle team partnered with Secure Code Warrior to define an organization-wide strategy and build a mandatory, role-based certification program that:
KVK harnessed the flexibility of Secure Code Warrior’s platform to create a certification program tailored to their unique organizational needs. By mapping training programs to specific roles, new hires begin with OWASP Top 10 awareness training, while senior engineers tackle advanced, scenario-based exercises mapped to real-world workflows. Champion-level developers mentor peers, foster knowledge-sharing, and help scale security expertise across teams. KVK’s program includes annual re-certification to ensure skills stay current, with full implementation underway as the organization continues to expand coverage and adapt to new risks like AI-driven vulnerabilities and emerging threats.
“Integrating certifications into our development process was a turning point,” said Sebastiaan. “It showed every developer that security is a shared priority and a natural part of how we build software. With Secure Code Warrior, learning isn’t a one-off event, it’s continuous, contextual, and seamlessly woven into our daily development culture.”
The result: training felt relevant, achievable, and directly tied to developers’ day-to-day work. By early 2024, 90% of KVK developers had achieved the Foundation level certification — a milestone that validated both the strategy and the cultural shift toward developer-led security.
The Results
Real Impact, Measurable Progress
KVK’s investment in secure development with Secure Code Warrior has delivered powerful results:
KVK leverages SCW Trust Score®, a benchmark that measures an organization’s commitment to secure coding practices based on key security metrics. Over the course of six months, KVK’s Trust Score rose significantly, placing them in the top 12% of organizations worldwide.
“The SCW Trust Score gives us clear, data-driven visibility into where our risks lie and how to focus our training where it matters most,” Sebastiaan explained. “It’s not just a benchmark, it’s a roadmap that helps us prove progress, and demonstrate the real business value of secure development.”
KVK, in partnership with Secure Code Warrior, has set a new standard for developer-driven security. By uniting strong leadership, a clear strategy, and measurable outcomes, they have transformed secure development into a core business capability, one that meets compliance requirements and serves as a model for the industry. With SCW’s reporting aligned to ISO 27001/27002 certification standards, KVK can also validate its program’s effectiveness during audits, demonstrating that secure development is not merely recommended, it is required.
KVK has plans to expand its certification program beyond engineering to include QA testers, DevOps, and low-code developers, reinforcing that security is a shared responsibility across the organization. They also plan to introduce SCW’s AI/LLM-focused content to help developers code securely alongside tools like GitHub Copilot and are working with SCW Professional Services to optimize the rollout of Trust Agent. These efforts showcase what’s possible when secure coding becomes a shared responsibility, not just for developers but for the entire organization.
“Our partnership with Secure Code Warrior has been smooth and productive,” said Sebastiaan. “They helped us implement and improve our training program, resulting in measurable risk reduction and a stronger culture of secure development.”
With Secure Code Warrior, KVK has laid a strong foundation for secure development, and they’re just getting started.
Kamer van Koophandel shares how it embedded secure coding into everyday development through role-based certifications, Trust Score benchmarking, and a culture of shared security ownership.
Secure Code Warrior makes secure coding a positive and engaging experience for developers as they increase their skills. We guide each coder along their own preferred learning pathway, so that security-skilled developers become the everyday superheroes of our connected world.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
Book a demo
Secure Code Warrior makes secure coding a positive and engaging experience for developers as they increase their skills. We guide each coder along their own preferred learning pathway, so that security-skilled developers become the everyday superheroes of our connected world.
This article was written by Secure Code Warrior's team of industry experts, committed to empowering developers with the knowledge and skills to build secure software from the start. Drawing on deep expertise in secure coding practices, industry trends, and real-world insights.
Key Takeaways
Kamer van Koophandel (KVK) has built a modern, developer-first security program that stands out as a model for the industry. In partnership with Secure Code Warrior, KVK has embedded secure coding practices into everyday development workflows, established a structured certification program embraced across the organization, and achieved measurable risk reduction that demonstrates the power of a proactive, developer-driven approach to security. Highlights include:
"We already had a strong security foundation, but we wanted to take it further and make security second nature for every developer. That’s why we partnered with Secure Code Warrior and made education the cornerstone of our strategy, equipping our teams to build secure software with confidence from the start."
– Sebastiaan Rijnbout, Product Owner of Development Services
The challenge
Creating a Developer-First Security Mindset
KVK, the Netherlands Chamber of Commerce, plays a pivotal role in supporting entrepreneurs across the Netherlands. As the official body responsible for registering businesses, legal entities, and organizations engaged in economic activities, KVK fosters transparency and strengthens the integrity of the business ecosystem. Beyond registration, KVK provides valuable information and advice on key entrepreneurial topics, from legal and regulatory guidance to insights on financing, current developments, and cybersecurity. By offering reliable data and collaborating with both national and regional economic stakeholders, KVK helps create a secure and well-informed environment for entrepreneurs to thrive in. When KVK began its journey to further enhance application security, it had established foundational security measures in place, including penetration testing. While these measures provided valuable insights, KVK saw an opportunity to scale security earlier in the development lifecycle and empower developers to take ownership of risk reduction.
In 2022, KVK selected Secure Code Warrior and launched its first secure coding training initiative with a developer-focused approach. What began as a grassroots effort to engage developers, quickly evolved into a cross-functional program backed by leadership and the CISO office, transforming secure development from an aspiration into an organizational standard.
The solution
Building a Culture, Not Just a Program
With sponsorship from the CISO, KVK’s Secure Software Development Lifecycle team partnered with Secure Code Warrior to define an organization-wide strategy and build a mandatory, role-based certification program that:
KVK harnessed the flexibility of Secure Code Warrior’s platform to create a certification program tailored to their unique organizational needs. By mapping training programs to specific roles, new hires begin with OWASP Top 10 awareness training, while senior engineers tackle advanced, scenario-based exercises mapped to real-world workflows. Champion-level developers mentor peers, foster knowledge-sharing, and help scale security expertise across teams. KVK’s program includes annual re-certification to ensure skills stay current, with full implementation underway as the organization continues to expand coverage and adapt to new risks like AI-driven vulnerabilities and emerging threats.
“Integrating certifications into our development process was a turning point,” said Sebastiaan. “It showed every developer that security is a shared priority and a natural part of how we build software. With Secure Code Warrior, learning isn’t a one-off event, it’s continuous, contextual, and seamlessly woven into our daily development culture.”
The result: training felt relevant, achievable, and directly tied to developers’ day-to-day work. By early 2024, 90% of KVK developers had achieved the Foundation level certification — a milestone that validated both the strategy and the cultural shift toward developer-led security.
The Results
Real Impact, Measurable Progress
KVK’s investment in secure development with Secure Code Warrior has delivered powerful results:
KVK leverages SCW Trust Score®, a benchmark that measures an organization’s commitment to secure coding practices based on key security metrics. Over the course of six months, KVK’s Trust Score rose significantly, placing them in the top 12% of organizations worldwide.
“The SCW Trust Score gives us clear, data-driven visibility into where our risks lie and how to focus our training where it matters most,” Sebastiaan explained. “It’s not just a benchmark, it’s a roadmap that helps us prove progress, and demonstrate the real business value of secure development.”
KVK, in partnership with Secure Code Warrior, has set a new standard for developer-driven security. By uniting strong leadership, a clear strategy, and measurable outcomes, they have transformed secure development into a core business capability, one that meets compliance requirements and serves as a model for the industry. With SCW’s reporting aligned to ISO 27001/27002 certification standards, KVK can also validate its program’s effectiveness during audits, demonstrating that secure development is not merely recommended, it is required.
KVK has plans to expand its certification program beyond engineering to include QA testers, DevOps, and low-code developers, reinforcing that security is a shared responsibility across the organization. They also plan to introduce SCW’s AI/LLM-focused content to help developers code securely alongside tools like GitHub Copilot and are working with SCW Professional Services to optimize the rollout of Trust Agent. These efforts showcase what’s possible when secure coding becomes a shared responsibility, not just for developers but for the entire organization.
“Our partnership with Secure Code Warrior has been smooth and productive,” said Sebastiaan. “They helped us implement and improve our training program, resulting in measurable risk reduction and a stronger culture of secure development.”
With Secure Code Warrior, KVK has laid a strong foundation for secure development, and they’re just getting started.
Key Takeaways
Kamer van Koophandel (KVK) has built a modern, developer-first security program that stands out as a model for the industry. In partnership with Secure Code Warrior, KVK has embedded secure coding practices into everyday development workflows, established a structured certification program embraced across the organization, and achieved measurable risk reduction that demonstrates the power of a proactive, developer-driven approach to security. Highlights include:
"We already had a strong security foundation, but we wanted to take it further and make security second nature for every developer. That’s why we partnered with Secure Code Warrior and made education the cornerstone of our strategy, equipping our teams to build secure software with confidence from the start."
– Sebastiaan Rijnbout, Product Owner of Development Services
The challenge
Creating a Developer-First Security Mindset
KVK, the Netherlands Chamber of Commerce, plays a pivotal role in supporting entrepreneurs across the Netherlands. As the official body responsible for registering businesses, legal entities, and organizations engaged in economic activities, KVK fosters transparency and strengthens the integrity of the business ecosystem. Beyond registration, KVK provides valuable information and advice on key entrepreneurial topics, from legal and regulatory guidance to insights on financing, current developments, and cybersecurity. By offering reliable data and collaborating with both national and regional economic stakeholders, KVK helps create a secure and well-informed environment for entrepreneurs to thrive in. When KVK began its journey to further enhance application security, it had established foundational security measures in place, including penetration testing. While these measures provided valuable insights, KVK saw an opportunity to scale security earlier in the development lifecycle and empower developers to take ownership of risk reduction.
In 2022, KVK selected Secure Code Warrior and launched its first secure coding training initiative with a developer-focused approach. What began as a grassroots effort to engage developers, quickly evolved into a cross-functional program backed by leadership and the CISO office, transforming secure development from an aspiration into an organizational standard.
The solution
Building a Culture, Not Just a Program
With sponsorship from the CISO, KVK’s Secure Software Development Lifecycle team partnered with Secure Code Warrior to define an organization-wide strategy and build a mandatory, role-based certification program that:
KVK harnessed the flexibility of Secure Code Warrior’s platform to create a certification program tailored to their unique organizational needs. By mapping training programs to specific roles, new hires begin with OWASP Top 10 awareness training, while senior engineers tackle advanced, scenario-based exercises mapped to real-world workflows. Champion-level developers mentor peers, foster knowledge-sharing, and help scale security expertise across teams. KVK’s program includes annual re-certification to ensure skills stay current, with full implementation underway as the organization continues to expand coverage and adapt to new risks like AI-driven vulnerabilities and emerging threats.
“Integrating certifications into our development process was a turning point,” said Sebastiaan. “It showed every developer that security is a shared priority and a natural part of how we build software. With Secure Code Warrior, learning isn’t a one-off event, it’s continuous, contextual, and seamlessly woven into our daily development culture.”
The result: training felt relevant, achievable, and directly tied to developers’ day-to-day work. By early 2024, 90% of KVK developers had achieved the Foundation level certification — a milestone that validated both the strategy and the cultural shift toward developer-led security.
The Results
Real Impact, Measurable Progress
KVK’s investment in secure development with Secure Code Warrior has delivered powerful results:
KVK leverages SCW Trust Score®, a benchmark that measures an organization’s commitment to secure coding practices based on key security metrics. Over the course of six months, KVK’s Trust Score rose significantly, placing them in the top 12% of organizations worldwide.
“The SCW Trust Score gives us clear, data-driven visibility into where our risks lie and how to focus our training where it matters most,” Sebastiaan explained. “It’s not just a benchmark, it’s a roadmap that helps us prove progress, and demonstrate the real business value of secure development.”
KVK, in partnership with Secure Code Warrior, has set a new standard for developer-driven security. By uniting strong leadership, a clear strategy, and measurable outcomes, they have transformed secure development into a core business capability, one that meets compliance requirements and serves as a model for the industry. With SCW’s reporting aligned to ISO 27001/27002 certification standards, KVK can also validate its program’s effectiveness during audits, demonstrating that secure development is not merely recommended, it is required.
KVK has plans to expand its certification program beyond engineering to include QA testers, DevOps, and low-code developers, reinforcing that security is a shared responsibility across the organization. They also plan to introduce SCW’s AI/LLM-focused content to help developers code securely alongside tools like GitHub Copilot and are working with SCW Professional Services to optimize the rollout of Trust Agent. These efforts showcase what’s possible when secure coding becomes a shared responsibility, not just for developers but for the entire organization.
“Our partnership with Secure Code Warrior has been smooth and productive,” said Sebastiaan. “They helped us implement and improve our training program, resulting in measurable risk reduction and a stronger culture of secure development.”
With Secure Code Warrior, KVK has laid a strong foundation for secure development, and they’re just getting started.
Click on the link below and download the PDF of this resource.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
View reportBook a demo
Secure Code Warrior makes secure coding a positive and engaging experience for developers as they increase their skills. We guide each coder along their own preferred learning pathway, so that security-skilled developers become the everyday superheroes of our connected world.
This article was written by Secure Code Warrior's team of industry experts, committed to empowering developers with the knowledge and skills to build secure software from the start. Drawing on deep expertise in secure coding practices, industry trends, and real-world insights.
Key Takeaways
Kamer van Koophandel (KVK) has built a modern, developer-first security program that stands out as a model for the industry. In partnership with Secure Code Warrior, KVK has embedded secure coding practices into everyday development workflows, established a structured certification program embraced across the organization, and achieved measurable risk reduction that demonstrates the power of a proactive, developer-driven approach to security. Highlights include:
"We already had a strong security foundation, but we wanted to take it further and make security second nature for every developer. That’s why we partnered with Secure Code Warrior and made education the cornerstone of our strategy, equipping our teams to build secure software with confidence from the start."
– Sebastiaan Rijnbout, Product Owner of Development Services
The challenge
Creating a Developer-First Security Mindset
KVK, the Netherlands Chamber of Commerce, plays a pivotal role in supporting entrepreneurs across the Netherlands. As the official body responsible for registering businesses, legal entities, and organizations engaged in economic activities, KVK fosters transparency and strengthens the integrity of the business ecosystem. Beyond registration, KVK provides valuable information and advice on key entrepreneurial topics, from legal and regulatory guidance to insights on financing, current developments, and cybersecurity. By offering reliable data and collaborating with both national and regional economic stakeholders, KVK helps create a secure and well-informed environment for entrepreneurs to thrive in. When KVK began its journey to further enhance application security, it had established foundational security measures in place, including penetration testing. While these measures provided valuable insights, KVK saw an opportunity to scale security earlier in the development lifecycle and empower developers to take ownership of risk reduction.
In 2022, KVK selected Secure Code Warrior and launched its first secure coding training initiative with a developer-focused approach. What began as a grassroots effort to engage developers, quickly evolved into a cross-functional program backed by leadership and the CISO office, transforming secure development from an aspiration into an organizational standard.
The solution
Building a Culture, Not Just a Program
With sponsorship from the CISO, KVK’s Secure Software Development Lifecycle team partnered with Secure Code Warrior to define an organization-wide strategy and build a mandatory, role-based certification program that:
KVK harnessed the flexibility of Secure Code Warrior’s platform to create a certification program tailored to their unique organizational needs. By mapping training programs to specific roles, new hires begin with OWASP Top 10 awareness training, while senior engineers tackle advanced, scenario-based exercises mapped to real-world workflows. Champion-level developers mentor peers, foster knowledge-sharing, and help scale security expertise across teams. KVK’s program includes annual re-certification to ensure skills stay current, with full implementation underway as the organization continues to expand coverage and adapt to new risks like AI-driven vulnerabilities and emerging threats.
“Integrating certifications into our development process was a turning point,” said Sebastiaan. “It showed every developer that security is a shared priority and a natural part of how we build software. With Secure Code Warrior, learning isn’t a one-off event, it’s continuous, contextual, and seamlessly woven into our daily development culture.”
The result: training felt relevant, achievable, and directly tied to developers’ day-to-day work. By early 2024, 90% of KVK developers had achieved the Foundation level certification — a milestone that validated both the strategy and the cultural shift toward developer-led security.
The Results
Real Impact, Measurable Progress
KVK’s investment in secure development with Secure Code Warrior has delivered powerful results:
KVK leverages SCW Trust Score®, a benchmark that measures an organization’s commitment to secure coding practices based on key security metrics. Over the course of six months, KVK’s Trust Score rose significantly, placing them in the top 12% of organizations worldwide.
“The SCW Trust Score gives us clear, data-driven visibility into where our risks lie and how to focus our training where it matters most,” Sebastiaan explained. “It’s not just a benchmark, it’s a roadmap that helps us prove progress, and demonstrate the real business value of secure development.”
KVK, in partnership with Secure Code Warrior, has set a new standard for developer-driven security. By uniting strong leadership, a clear strategy, and measurable outcomes, they have transformed secure development into a core business capability, one that meets compliance requirements and serves as a model for the industry. With SCW’s reporting aligned to ISO 27001/27002 certification standards, KVK can also validate its program’s effectiveness during audits, demonstrating that secure development is not merely recommended, it is required.
KVK has plans to expand its certification program beyond engineering to include QA testers, DevOps, and low-code developers, reinforcing that security is a shared responsibility across the organization. They also plan to introduce SCW’s AI/LLM-focused content to help developers code securely alongside tools like GitHub Copilot and are working with SCW Professional Services to optimize the rollout of Trust Agent. These efforts showcase what’s possible when secure coding becomes a shared responsibility, not just for developers but for the entire organization.
“Our partnership with Secure Code Warrior has been smooth and productive,” said Sebastiaan. “They helped us implement and improve our training program, resulting in measurable risk reduction and a stronger culture of secure development.”
With Secure Code Warrior, KVK has laid a strong foundation for secure development, and they’re just getting started.
Table of contents
Secure Code Warrior makes secure coding a positive and engaging experience for developers as they increase their skills. We guide each coder along their own preferred learning pathway, so that security-skilled developers become the everyday superheroes of our connected world.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
Book a demoDownloadResources to get you started
Trust Agent:AI - Secure and scale AI-Drive development
AI is writing code. Who’s governing it? With up to 50% of AI-generated code containing security weaknesses, managing AI risk is critical. Discover how SCW's Trust Agent: AI provides the real-time visibility, proactive governance, and targeted upskilling needed to scale AI-driven development securely.
The Power of OpenText Application Security + Secure Code Warrior
OpenText Application Security and Secure Code Warrior combine vulnerability detection with AI Software Governance and developer capability. Together, they help organizations reduce risk, strengthen secure coding practices, and confidently adopt AI-driven development.
Secure Code Warrior corporate overview
Secure Code Warrior is an AI Software Governance platform designed to enable organizations to safely adopt AI-driven development by bridging the gap between development velocity and enterprise security. The platform addresses the "Visibility Gap," where security teams often lack insights into shadow AI coding tools and the origins of production code.
Secure code training topics & content
Our industry-leading content is always evolving to fit the ever changing software development landscape with your role in mind. Topics covering everything from AI to XQuery Injection, offered for a variety of roles from Architects and Engineers to Product Managers and QA. Get a sneak peek of what our content catalog has to offer by topic and role.
Resources to get you started
Observe and Secure the ADLC: A Four-Point Framework for CISOs and Development Teams Using AI
While development teams look to make the most of GenAI’s undeniable benefits, we’d like to propose a four-point foundational framework that will allow security leaders to deploy AI coding tools and agents with a higher, more relevant standard of security best practices. It details exactly what enterprises can do to ensure safe, secure code development right now, and as agentic AI becomes an even bigger factor in the future.
