For the first time, there was visible, top-level support for raising the standards of software quality and security, with a push towards vendor, as opposed to end-user, accountability for ensuring code shipped free from vulnerabilities.
  
However, consensus on the real-world implementation of these principles at the enterprise level has proved elusive. Among security professionals, there does not appear to be a consensus on what constitutes Secure by Design, much less a standard pathway being followed to achieve it. Secure Code Warrior interviewed enterprise security professionals focusing on building software, diving deep into their current approaches to Secure by Design principles, including how it is being implemented into their current security posture and Software Development Life Cycle (SDLC). It became apparent that there was no widely accepted standard for implementing CISA’s guidance, nor were there active benchmarks to determine successful rollout. This must be corrected rapidly if we, as an industry, are to reap the benefits of heightened security accountability and software quality.

  

In this research paper, Secure Code Warrior co-founders, Pieter Danhieux and Dr. Matias Madou, Ph.D., along with expert contributors, Chris Inglis, Former US National Cyber Director (now Strategic Advisor to Paladin Capital Group), and Devin Lynch, Senior Director, Paladin Global Institute, will reveal key findings from over twenty in-depth interviews with enterprise security leaders including CISOs, a VP of Application Security, and software security professionals, including:

• Insights into common security program challenges faced in the enterprise;
• The role of Secure by Design initiatives, including how these are activated and distributed among teams;
• The role of AI in software development, and modern threat modeling;
• Interpretations of best practices, and the role precision data and benchmarking can play in industry-wide alignment with a viable Secure by Design strategy.