CHCon PETE NICHOLLS – BECOMING A SECURITY-CONSCIOUS SOFTWARE COMPANY, https://2019.chcon.nz/talks/pete-nicholls/
How do you adopt best security practices at your software development company? Earlier this year the company I work for decided to get serious about security, and gave me the task of figuring out how to do that. Here’s everything I wished I knew when I started.
- “Buy, Measure, Bake & Share”
- Metrics via OKRs (John Doerr, What To Measure)
- Get buy-in, work out how to measure “improvement”, get everyone involved, and open-source your process
- Don't dictate; give people the tools to take responsibility for getting better themselves