The art of negative thinking: Sharing scary stories to keep your software safe

By: Erlend Andreas Gjære

Building a culture for proactively defending your product is a bigger fish to fry than detecting and fixing isolated weaknesses and vulnerabilities every once in a while. Luckily, everyone loves a good story, and this is where exercises come in to make your software development process more secure. Based on first-hand exercises done with different kinds of stakeholders, including product teams, developers, operations, customer support and management – we will explore how various storylines can bring awareness and action to the chapter where heroes defeat the villains.