In order to reduce the risk to our applications, we must start hiring resources that come in with some level of secure development knowledge. As a matter of fact, it shouldn't even be thought of as security knowledge, but just good development knowledge. Job Description The first question that pops up is around writing job descriptions. How much "security" should be in a job description for a developer role? Does it change from entry level engineer to a senior level engineer? I think there … [Read more...] about Tips for hiring developers with security experience
hiring
Thinking about starting a bug bounty? Do this first.
Application security has become an important topic within our organizations. We have come to understand that the data that we deem sensitive and critical to our business is made available through these applications. With breaches happening all the time, it is critical to take reasonable steps to help protect that data by ensuring that our applications are implementing strong controls. Over the years, testing has been the main avenue for "implementing" security into applications. We have seen a … [Read more...] about Thinking about starting a bug bounty? Do this first.