Secure Code Warrior and Bugcrowd: A Match Made in Security Geek Heaven22nd May 2019
Like many people in the security industry, I and several colleagues made the journey in March to the RSA Conference in San Francisco. Although an extremely busy time of year, it is truly one of my favorite events. One part I particularly look forward to is Bugcrowd’s Mayhem at the Mint, which is a chance to relax and have a great time with peers and friends after long conference days.
This year was a little different, though. We had a lot to personally celebrate. As sponsors of the event, we had our own cocktail on the night (Secure Code Sangria, of course), but the thing that really made me want to party was our new partnership with Bugcrowd. It’s official: we are joining forces in the fight to educate, empower and enlighten developers on secure coding.
I enjoyed and appreciated the enthusiasm expressed from the wider industry regarding this announcement, particularly the article and podcast episode from ITSPmagazine. In speaking to Bugcrowd’s Casey Ellis and Jason Haddix, editor Sean Martin truly captured the essence of why we do what we do: it’s because meaningful change takes a crowd. Bugcrowd has long recognized this, and working together to turn software engineers all over the world into security superheroes is a dream come true.
After more than twenty years of breaking stuff, finding and fixing vulnerabilities that have wreaked havoc on the world, it has become more apparent than ever that the conversation around security must change. ‘Hackers’ aren’t always the bad guys; their inherent skills are invaluable in the software fortification process, and we need to make a concerted effort to start left. It shouldn’t be a novel concept to try out someday, it should be core to the software development lifecycle. To do this, we and Bugcrowd are committed to changing the perception many developers have of security: that it is an inconvenient blocker to building functionality and features.
Security training to date has been inadequate. Far too infrequent, often irrelevant to day-to-day coding activities or simply not engaging the hearts and minds of developers. Secure Code Warrior seeks to change that - learning about secure coding can be fun, and with Bugcrowd’s support, this message can be spread far and wide in the community we care so much about and seek to encourage.
Ultimately, we must reach a point where software security is synonymous with software quality; there is simply too much at stake these days to suggest otherwise. And with this partnership, I believe we can get developers actually excited about secure development. A thriving environment of security awareness and a positive culture is key, and I couldn’t think of any other company more perfect to get us there.
Watch this space: the security conversation is about to dramatically shift left.