Welcome to the first episode of our Security Culture Campaign! On today’s show Matt Konda introduces the campaign and why we’re doing it.

Click here for the associated YouTube video.

The Jemurai Security Culture Campaign Series will be a stream of topical content intended to help developers think about security in a particular area. The content will be available in associated videos, podcasts and blog posts.

Of course, really making security part of an organizational culture means a lot more than just having content and giving some cycles to security.

It means that:

  1. When developers say they need time to work on security, they get it
  2. There is broad tool support
  3. Questions and issues are treated as opportunities for improvement
  4. Testing is automated and encouraged
  5. Stakeholders understand how the systems might be misused
  6. People are continually learning

It typically takes ongoing effort over a period of time and relationship building as well.

We hope that the content here will be a part of helping dev teams to build a security positive culture.

Matt Konda

Matt is a software engineer. He's our CEO and former Chair & OWASP Board Member.