security-culture
Safeguard articles tagged "security-culture" — guides, analysis, and best practices for software supply chain and application security.
26 articles
PentesterLand and Other Security Research Feeds Worth Following
PentesterLand's weekly link roundup of write-ups, tools, and CTF material is one of the best-curated feeds in offensive security — here's what it covers and what else belongs in the same reading list.
What CISOs Get Wrong About Developer Security Habits
CISOs blame developer negligence for supply chain risk, but the real issue is alert noise, tool sprawl, and audits that miss day-to-day behavior. Here's what the data actually shows.
Online Security Courses and Training Platforms Worth Your Time
There are hundreds of online security courses competing for your attention — here's how to pick a cybersecurity training platform that actually builds skill, plus where to find solid owasp top 10 training free of charge.
What Is a Security Champions Program?
AppSec teams are outnumbered 100 to 1 by developers. A security champions program is the only staffing model that scales — here is how to build one that lasts.
DevSecOps Automation Maturity in 2024: Where Teams Actually Stand
Industry surveys and real-world data paint a sobering picture of DevSecOps automation maturity. Most organizations are still in the early stages despite years of investment.
SecDevOps vs DevSecOps: Is There Actually a Difference?
The SecDevOps definition and the DevSecOps definition describe nearly identical practices, but the word order isn't purely cosmetic, it signals a real difference in where security sits in the pipeline.
DevEx Meets DevSecOps: Why Developer Experience Determines Security Outcomes
Security tools that developers hate get bypassed. The organizations with the best security outcomes are the ones that treat developer experience as a security requirement.
What Is AppSec, and Who Owns It on a Modern Team?
AppSec covers every security decision made about how software is designed, built, and shipped — but ownership is more distributed than most org charts admit.
Building a Security Champions Program
A step-by-step guide to launching a security champions program that scales your security team's influence across engineering without hiring a dozen new AppSec engineers.
Security Awareness Training That Developers Don't Hate
Traditional security training is boring and ineffective. Here is how to build a training program developers actually engage with and learn from.
Netflix's Open-Source Security Approach
How Netflix manages security across hundreds of open-source projects and thousands of internal dependencies while maintaining the velocity that streaming demands.
Cross-Functional Security Collaboration
Security isn't just the security team's problem. Building effective collaboration between security, engineering, product, and operations is essential for supply chain defense.