300,000 名开发人员到底采取了哪些安全措施?
BSIMM 8 出来了!太棒了。这是唯一一项关于大型组织为生产安全软件而采取了哪些安全措施的大规模研究。
该研究由应用程序安全专业人员在 Gary McGraw 的监督下进行,确保收集的数据一致、准确,并深入了解了 300,000 名开发人员的日常工作。在我最新的演示中,我引用了 BSIMM 的数字,其中提到平均每100名开发人员中有2名应用程序安全专业人员。
但是,自 BSIMM4 以来,情况并非如此。BSIMM8 报告说,这个数字甚至更少,目前为每 100 名开发者 1.6 人。由于人才短缺,雇用更多的应用程序安全专业人员根本行不通。我们比以往任何时候都更需要为开发人员提供工具和培训,让他们能够编写可供组织动手操作、随时可用且可扩展的安全代码。
该报告还显示,培训实践中最常见的活动是向所有员工提供意识培训,占67%。我开始绘制我们在Secure Code Warrior(SCW)的培训实践中所做的事情,并意识到我们的解决方案可以勾选培训实践中的所有 12 项活动,从级别 1(大多数公司都这样做)到 3 级(很少有公司这样做)。
一个可以用来涵盖整个练习的单一解决方案!在 12 种培训实践中,Secure Code Warrior 解决方案中最有趣的实践是:
- 级别 1:提供意识培训
- 级别 1:按需提供个人培训
- 级别 2:通过训练增强卫星(SCW 指标)
- 第 3 级:通过课程奖励进度(SCW 徽章)
- 级别 3:为供应商或外包员工提供培训(SCW 评估)
- 级别 3:举办外部软件安全活动(SCW 锦标赛模式)
- 级别 3:通过训练识别卫星(SCW 指标)
你有信心你当前的解决方案可以解决这些问题吗?
Matias Madou, Ph.D. is a security expert, researcher, and CTO and co-founder of Secure Code Warrior. Matias obtained his Ph.D. in Application Security from Ghent University, focusing on static analysis solutions. He later joined Fortify in the US, where he realized that it was insufficient to solely detect code problems without aiding developers in writing secure code. This inspired him to develop products that assist developers, alleviate the burden of security, and exceed customers' expectations. When he is not at his desk as part of Team Awesome, he enjoys being on stage presenting at conferences including RSA Conference, BlackHat and DefCon.
Secure Code Warrior可以帮助您的组织在整个软件开发生命周期中保护代码,并营造一种将网络安全放在首位的文化。无论您是 AppSec 经理、开发人员、首席信息安全官还是任何与安全相关的人,我们都可以帮助您的组织降低与不安全代码相关的风险。
预订演示
Matias Madou, Ph.D. is a security expert, researcher, and CTO and co-founder of Secure Code Warrior. Matias obtained his Ph.D. in Application Security from Ghent University, focusing on static analysis solutions. He later joined Fortify in the US, where he realized that it was insufficient to solely detect code problems without aiding developers in writing secure code. This inspired him to develop products that assist developers, alleviate the burden of security, and exceed customers' expectations. When he is not at his desk as part of Team Awesome, he enjoys being on stage presenting at conferences including RSA Conference, BlackHat and DefCon.
Matias is a researcher and developer with more than 15 years of hands-on software security experience. He has developed solutions for companies such as Fortify Software and his own company Sensei Security. Over his career, Matias has led multiple application security research projects which have led to commercial products and boasts over 10 patents under his belt. When he is away from his desk, Matias has served as an instructor for advanced application security training courses and regularly speaks at global conferences including RSA Conference, Black Hat, DefCon, BSIMM, OWASP AppSec and BruCon.
Matias holds a Ph.D. in Computer Engineering from Ghent University, where he studied application security through program obfuscation to hide the inner workings of an application.
BSIMM 8 出来了!太棒了。这是唯一一项关于大型组织为生产安全软件而采取了哪些安全措施的大规模研究。
该研究由应用程序安全专业人员在 Gary McGraw 的监督下进行,确保收集的数据一致、准确,并深入了解了 300,000 名开发人员的日常工作。在我最新的演示中,我引用了 BSIMM 的数字,其中提到平均每100名开发人员中有2名应用程序安全专业人员。
但是,自 BSIMM4 以来,情况并非如此。BSIMM8 报告说,这个数字甚至更少,目前为每 100 名开发者 1.6 人。由于人才短缺,雇用更多的应用程序安全专业人员根本行不通。我们比以往任何时候都更需要为开发人员提供工具和培训,让他们能够编写可供组织动手操作、随时可用且可扩展的安全代码。
该报告还显示,培训实践中最常见的活动是向所有员工提供意识培训,占67%。我开始绘制我们在Secure Code Warrior(SCW)的培训实践中所做的事情,并意识到我们的解决方案可以勾选培训实践中的所有 12 项活动,从级别 1(大多数公司都这样做)到 3 级(很少有公司这样做)。
一个可以用来涵盖整个练习的单一解决方案!在 12 种培训实践中,Secure Code Warrior 解决方案中最有趣的实践是:
- 级别 1:提供意识培训
- 级别 1:按需提供个人培训
- 级别 2:通过训练增强卫星(SCW 指标)
- 第 3 级:通过课程奖励进度(SCW 徽章)
- 级别 3:为供应商或外包员工提供培训(SCW 评估)
- 级别 3:举办外部软件安全活动(SCW 锦标赛模式)
- 级别 3:通过训练识别卫星(SCW 指标)
你有信心你当前的解决方案可以解决这些问题吗?
BSIMM 8 出来了!太棒了。这是唯一一项关于大型组织为生产安全软件而采取了哪些安全措施的大规模研究。
该研究由应用程序安全专业人员在 Gary McGraw 的监督下进行,确保收集的数据一致、准确,并深入了解了 300,000 名开发人员的日常工作。在我最新的演示中,我引用了 BSIMM 的数字,其中提到平均每100名开发人员中有2名应用程序安全专业人员。
但是,自 BSIMM4 以来,情况并非如此。BSIMM8 报告说,这个数字甚至更少,目前为每 100 名开发者 1.6 人。由于人才短缺,雇用更多的应用程序安全专业人员根本行不通。我们比以往任何时候都更需要为开发人员提供工具和培训,让他们能够编写可供组织动手操作、随时可用且可扩展的安全代码。
该报告还显示,培训实践中最常见的活动是向所有员工提供意识培训,占67%。我开始绘制我们在Secure Code Warrior(SCW)的培训实践中所做的事情,并意识到我们的解决方案可以勾选培训实践中的所有 12 项活动,从级别 1(大多数公司都这样做)到 3 级(很少有公司这样做)。
一个可以用来涵盖整个练习的单一解决方案!在 12 种培训实践中,Secure Code Warrior 解决方案中最有趣的实践是:
- 级别 1:提供意识培训
- 级别 1:按需提供个人培训
- 级别 2:通过训练增强卫星(SCW 指标)
- 第 3 级:通过课程奖励进度(SCW 徽章)
- 级别 3:为供应商或外包员工提供培训(SCW 评估)
- 级别 3:举办外部软件安全活动(SCW 锦标赛模式)
- 级别 3:通过训练识别卫星(SCW 指标)
你有信心你当前的解决方案可以解决这些问题吗?
点击下面的链接并下载此资源的PDF。
Secure Code Warrior可以帮助您的组织在整个软件开发生命周期中保护代码,并营造一种将网络安全放在首位的文化。无论您是 AppSec 经理、开发人员、首席信息安全官还是任何与安全相关的人,我们都可以帮助您的组织降低与不安全代码相关的风险。
查看报告预订演示
Matias Madou, Ph.D. is a security expert, researcher, and CTO and co-founder of Secure Code Warrior. Matias obtained his Ph.D. in Application Security from Ghent University, focusing on static analysis solutions. He later joined Fortify in the US, where he realized that it was insufficient to solely detect code problems without aiding developers in writing secure code. This inspired him to develop products that assist developers, alleviate the burden of security, and exceed customers' expectations. When he is not at his desk as part of Team Awesome, he enjoys being on stage presenting at conferences including RSA Conference, BlackHat and DefCon.
Matias is a researcher and developer with more than 15 years of hands-on software security experience. He has developed solutions for companies such as Fortify Software and his own company Sensei Security. Over his career, Matias has led multiple application security research projects which have led to commercial products and boasts over 10 patents under his belt. When he is away from his desk, Matias has served as an instructor for advanced application security training courses and regularly speaks at global conferences including RSA Conference, Black Hat, DefCon, BSIMM, OWASP AppSec and BruCon.
Matias holds a Ph.D. in Computer Engineering from Ghent University, where he studied application security through program obfuscation to hide the inner workings of an application.
BSIMM 8 出来了!太棒了。这是唯一一项关于大型组织为生产安全软件而采取了哪些安全措施的大规模研究。
该研究由应用程序安全专业人员在 Gary McGraw 的监督下进行,确保收集的数据一致、准确,并深入了解了 300,000 名开发人员的日常工作。在我最新的演示中,我引用了 BSIMM 的数字,其中提到平均每100名开发人员中有2名应用程序安全专业人员。
但是,自 BSIMM4 以来,情况并非如此。BSIMM8 报告说,这个数字甚至更少,目前为每 100 名开发者 1.6 人。由于人才短缺,雇用更多的应用程序安全专业人员根本行不通。我们比以往任何时候都更需要为开发人员提供工具和培训,让他们能够编写可供组织动手操作、随时可用且可扩展的安全代码。
该报告还显示,培训实践中最常见的活动是向所有员工提供意识培训,占67%。我开始绘制我们在Secure Code Warrior(SCW)的培训实践中所做的事情,并意识到我们的解决方案可以勾选培训实践中的所有 12 项活动,从级别 1(大多数公司都这样做)到 3 级(很少有公司这样做)。
一个可以用来涵盖整个练习的单一解决方案!在 12 种培训实践中,Secure Code Warrior 解决方案中最有趣的实践是:
- 级别 1:提供意识培训
- 级别 1:按需提供个人培训
- 级别 2:通过训练增强卫星(SCW 指标)
- 第 3 级:通过课程奖励进度(SCW 徽章)
- 级别 3:为供应商或外包员工提供培训(SCW 评估)
- 级别 3:举办外部软件安全活动(SCW 锦标赛模式)
- 级别 3:通过训练识别卫星(SCW 指标)
你有信心你当前的解决方案可以解决这些问题吗?
目录
Matias Madou, Ph.D. is a security expert, researcher, and CTO and co-founder of Secure Code Warrior. Matias obtained his Ph.D. in Application Security from Ghent University, focusing on static analysis solutions. He later joined Fortify in the US, where he realized that it was insufficient to solely detect code problems without aiding developers in writing secure code. This inspired him to develop products that assist developers, alleviate the burden of security, and exceed customers' expectations. When he is not at his desk as part of Team Awesome, he enjoys being on stage presenting at conferences including RSA Conference, BlackHat and DefCon.
Secure Code Warrior可以帮助您的组织在整个软件开发生命周期中保护代码,并营造一种将网络安全放在首位的文化。无论您是 AppSec 经理、开发人员、首席信息安全官还是任何与安全相关的人,我们都可以帮助您的组织降低与不安全代码相关的风险。
预订演示下载帮助您入门的资源
%20(1).avif)
.avif)
Threat Modeling with AI: Turning Every Developer into a Threat Modeler
Walk away better equipped to help developers combine threat modeling ideas and techniques with the AI tools they're already using to strengthen security, improve collaboration, and build more resilient software from the start.
