Last time, I wrote about how an organization can get started with software security.
Today I will look at how to do that as an individual.
From Development To Secure Development
As a developer, I wasn’t always aware of the security implications of my actions.
Now that I’m the Engineering Security Champion for my project, I have to be.
As an aspiring software craftsman, I realize that personal efforts are only half the story. The other half is the community of professionals.
Secure Development Communities
I’m lucky to work in a big organization, where such a community already exist.
EMC’s Product Security Office (PSO) provides me with a personal security adviser, maintains a security-related wiki, and operates a space on our internal collaboration environment.
If your organization doesn’t have something like our PSO, you can look elsewhere. (And if it does, you should look outside too!)
OWASP is a great place to start.
They actually have three sub-communities, one of which is for Builders.
But it’s also good to look at the other sub-communities, since they’re all related. Looking at things from the perspective of the others can be quite enlightening.
Contributing To The Community
So far I’ve talked about taking in information, but you shouldn’t forget to share your personal experiences as well.
You may think you know very little yet, but even then it’s valuable to share.
It helps to organize your thoughts, which is crucial when learning and you may find you’ll gain insights from comments that readers leave as well.
More to the point, there are many others out there that are getting started and who would benefit from seeing they are not alone.
There are other ways to contribute as well. You could join or start an OWASP chapter, for instance.
What Do You Think?
How did you get started with software security? How do you keep up with the field? What communities are you part of? Please leave a comment.