20+ years of software security assessments, have we learned anything?
I have been working in the software engineering industry since 1997 and with a more concrete cyber security and software assurance tone since 2004. My first experiences with programming date back to ~1985, when things like Commodore VIC-20 were a thing, but let’s maybe not go that far back, when the threat landscape and attack vectors were mostly limited to the front door of our house.

Security is important, right?
Of course, software security has always been a relevant, if not an important, part of software engineering, but it has not always been, and still isn't, an explicitly stated part of the work itself, let alone a documented or otherwise visible one. Why is that, and is it ever going to change?
In addition to a few in-house software roles, I worked as a contractor and a consultant in the penetration testing, secure software development and organization-level cyber security space for about 16 years. I delivered several different types of assignments during this period, which gave me a decent view of the overall status and activities in the software security and cyber security domains, covering both private and public sector organizations of all sizes and a ton of different technology stacks and deployment platforms.