The collective experience of SAFECode’s member companies has shown that software security is most successful when it is treated as a process that reflects an individual companies culture and unique development needs. Supporting this process through software security training is essential. In fact, the lack of security engineering awareness and education among the software engineering workforce can be a significant obstacle to organizations working to implement software security programs.
Though our analysis has shown that security training is most effective when aligned to an organization’s unique culture and security development process, we recognize that not every organization has the resources required to develop custom training. We hope that this program can help other organizations overcome this challenge and provide them with the tools they need to create a training program that works for their environment.