Safeguard
Tag

security-culture

Safeguard articles tagged "security-culture" — guides, analysis, and best practices for software supply chain and application security.

26 articles

Culture

PentesterLand and Other Security Research Feeds Worth Following

PentesterLand's weekly link roundup of write-ups, tools, and CTF material is one of the best-curated feeds in offensive security — here's what it covers and what else belongs in the same reading list.

Sep 9, 20254 min read
DevSecOps

What CISOs Get Wrong About Developer Security Habits

CISOs blame developer negligence for supply chain risk, but the real issue is alert noise, tool sprawl, and audits that miss day-to-day behavior. Here's what the data actually shows.

Jul 16, 20258 min read
Culture

Online Security Courses and Training Platforms Worth Your Time

There are hundreds of online security courses competing for your attention — here's how to pick a cybersecurity training platform that actually builds skill, plus where to find solid owasp top 10 training free of charge.

May 14, 20255 min read
Culture

What Is a Security Champions Program?

AppSec teams are outnumbered 100 to 1 by developers. A security champions program is the only staffing model that scales — here is how to build one that lasts.

Feb 11, 20256 min read
Industry Analysis

DevSecOps Automation Maturity in 2024: Where Teams Actually Stand

Industry surveys and real-world data paint a sobering picture of DevSecOps automation maturity. Most organizations are still in the early stages despite years of investment.

Dec 5, 20247 min read
DevSecOps

SecDevOps vs DevSecOps: Is There Actually a Difference?

The SecDevOps definition and the DevSecOps definition describe nearly identical practices, but the word order isn't purely cosmetic, it signals a real difference in where security sits in the pipeline.

Aug 14, 20245 min read
Best Practices

DevEx Meets DevSecOps: Why Developer Experience Determines Security Outcomes

Security tools that developers hate get bypassed. The organizations with the best security outcomes are the ones that treat developer experience as a security requirement.

Jun 15, 20246 min read
AppSec

What Is AppSec, and Who Owns It on a Modern Team?

AppSec covers every security decision made about how software is designed, built, and shipped — but ownership is more distributed than most org charts admit.

Mar 11, 20245 min read
How-To Guide

Building a Security Champions Program

A step-by-step guide to launching a security champions program that scales your security team's influence across engineering without hiring a dozen new AppSec engineers.

Feb 28, 20247 min read
Best Practices

Security Awareness Training That Developers Don't Hate

Traditional security training is boring and ineffective. Here is how to build a training program developers actually engage with and learn from.

Feb 20, 20247 min read
Case Studies

Netflix's Open-Source Security Approach

How Netflix manages security across hundreds of open-source projects and thousands of internal dependencies while maintaining the velocity that streaming demands.

Jan 22, 20247 min read
Security Culture

Cross-Functional Security Collaboration

Security isn't just the security team's problem. Building effective collaboration between security, engineering, product, and operations is essential for supply chain defense.

Mar 18, 20236 min read
security-culture (Page 2) — Safeguard Blog