Whitepaper

Secure by Design: Defining Best Practices, Enabling Developers and Benchmarking Preventative Security Outcomes

April 28, 2025
Secure Code Warrior

It has been two years since the United States government's Cybersecurity & Infrastructure Security Agency (CISA) released its comprehensive Secure by Design guidelines, signaling a watershed moment for software manufacturers. For the first time, there was visible, top-level support for raising the standards of software quality and security, with a push toward vendor accountability, rather than end-user accountability, for ensuring that shipped code is free from vulnerabilities.

However, agreement on how to implement these principles in the real world at the enterprise level has proved elusive. Among security professionals, there does not appear to be a shared definition of what constitutes Secure by Design, much less a standard pathway for achieving it. Secure Code Warrior interviewed enterprise security professionals focused on building software, diving deep into their current approaches to Secure by Design principles, including how these are being implemented in their existing security posture and Software Development Life Cycle (SDLC). It became apparent that there was no widely accepted standard for implementing CISA's guidance, nor were there active benchmarks to determine whether a rollout had succeeded. This must be corrected rapidly if we, as an industry, are to reap the benefits of heightened security accountability and software quality.

In this research paper, Secure Code Warrior co-founders Pieter Danhieux and Dr. Matias Madou, Ph.D., along with expert contributors Chris Inglis, Former US National Cyber Director (now Strategic Advisor to Paladin Capital Group), and Devin Lynch, Senior Director, Paladin Global Institute, reveal key findings from over twenty in-depth interviews with enterprise security leaders, including CISOs, a VP of Application Security, and software security professionals. The findings cover:

  • Insights into common security program challenges faced in the enterprise;
  • The role of Secure by Design initiatives, including how these are activated and distributed among teams;
  • The role of AI in software development, and modern threat modeling;
  • Interpretations of best practices, and the role precision data and benchmarking can play in industry-wide alignment with a viable Secure by Design strategy.
