Pieter Danhieux

How the Australian Government can build national cybersecurity resilience and stand tall against threats

It is clear from the Australian Government's push to get serious about cybersecurity that it has been identified as a key risk area on a national level, but is their strategy reaching far enough?

Shifting left is not enough: Why starting left is your key to software security excellence

Much of the initiative around "shifting left", that is, introducing security much earlier in the development process, simply doesnt move the needle far enough.

Certified security awareness: An Executive Order to elevate developers

The latest Executive Order from the US Federal Government touches on many aspects of functional cybersecurity, but for the first time, specifically outlines the impact of developers, and the need for them to have verified security skills and awareness.

The new NIST guidelines: Why customized training is essential to create secure software

The National Institute of Standards & Technology (NIST) released an updated white paper, detailing several action plans for reducing software vulnerabilities and cyber risk.

The growth spurt: Happy 5th birthday, Secure Code Warrior

I could have started this article with all the facts and figures indicating a thriving, hyper-growth startup; they are undeniably impressive and our ongoing company trajectory is strong. However, for me, these numbers don't reflect what I am most proud of in 2019.

Seven years of Secure Code Warrior, and it’s starting to feel real

Our birthday milestones are a wonderful reminder to reflect on the fruits of our labor, celebrate the team, and tackle the year ahead with confidence. And now, seven years since inception, I’m left wondering: Have we done it? Is this a real company yet? Of course, we have reached maturity, but I sure hope we never lose the sense of curiosity, passion, and geekiness we’ve had since the beginning.

Incentivizing developers is the key to better security practices

Professional developers want to embrace DevSecOps and write secure code, but their organizations need to support this seachange if they want that effort to grow.

Secure Code Warrior turns 8: All aboard the rocket ship

This week, we officially celebrate eight years of Secure Code Warrior. On the one hand, that’s 350 times the length of the Apollo 11 mission, as well as the equivalent of 45,000 games of football, or playing Super Mario Odyssey 5696 times to the end. On the other, it’s just one-thirtieth the lifespan of a Giant Tortoise (250 years, if you’re wondering). In the world of a high-growth startup, it represents a journey of many twists, turns, lessons, and accomplishments, many of which were unimaginable when we were first inking our business plan.

API on Wheels: A road trip of risky vulnerabilities

Leaving API security up to chance is a sure-fire way to introduce problems later on, with potentially devastating consequences at worst, and frustrating rework and low performance at best.

COVID-19 contact tracing: What's the secure coding situation?

The idea behind contact tracing apps is sound. This technology, when functioning well, would ensure hotspots are quickly revealed and comprehensive testing can occur - both essential components of fighting the spread of a contagious virus.

The forgotten human factor driving web application security flaws

How are developers supposed to write secure code if nobody ever teaches them about why its important, the consequences of insecure code, and most importantly, how to prevent writing these vulnerabilities in their respective programming frameworks in the first place?

Copy/Paste is a dangerous coding technique

The significance of this work is that we provided empirical evidence for a significant number of alarming secure coding issues, which have not been previously reported

The most dangerous software errors of 2019: More evidence of history repeating

Towards the end of last year, the amazing community at MITRE published their list of the CWE Top 25 Most Dangerous Software Errors that affected the world in 2019. And most of it was no surprise.

Secure Code Warrior - Happy 3rd Birthday to us

Our vision is to empower developers to be the first line of defence in their organisation by making security highly visible and providing them with the skills and tools to write secure code from the beginning.

Why we need to support, not punish, curious security minds

Teen security researcher, Bill Demirkapi, exposing major vulnerabilities in software used by his school certainly brought back some memories. I remember being the curious kid, lifting the hood on software to take a peek underneath and see how it all worked... and if I could break it.

Some CISOs are turning the security skills shortage into an opportunity

Empowering developers to write secure code from the start is an opportunity for CISOs to seize some proactive control from the security predicament, and where there is the chance for fast, easy and measurable improvements for both security and development teams.

Shifting Left

If a developer writes a cross-site scripting error as they're coding in JavaScript, and they're able to detect that within minutes of creating that flaw

2021 cybersecurity predictions: The intergalactic battle begins

We’re predicting that 2021 is the year we take a new kind of space race into the mainstream: keeping our galaxy safe from cyber threats.

Cybercriminals Are Attacking Healthcare (But We Can Fight Back)

Healthcare could be the next 'great' cybersecurity battleground, with criminals attacking the very machines that diagnose medical problems, provide treatments and sustain life.

DevSecOps: The Old Security Bugs Still Performing New Tricks

In cybersecurity, we are often like hunters. Our eyes are firmly glued to the horizon, scanning for the next breakout vulnerability. However, this forward-looking focus can have the surprising effect of dampening our overall security awareness.

OWASP AppSec Day 2019: Nurturing Secure Developers

These developer-focused events are among my favorite on the calendar; they provide a humbling reminder of the community that works tirelessly to educate and empower software engineers and specialists to champion security in their work.

The Change We Need In The AppSec Badlands: My 2019 Predictions

The real battle we face isn't against script kiddies, or dangerous organized cybercrime syndicates... its in getting more people to care that data breaches are happening at all.

Software Security is in the Wild West (and it's going to get us killed)

Software security is always front-of-mind for me, as is the very real danger posed by our increasingly digital, personal information-sharing lifestyles. After all, we are in a largely unregulated, unsupervised and blissfully ignored territory. We're in the Wild West.

Is your security program focused on incident response? You're doing it wrong.

Placing emphasis on a preventative - as opposed to reactive - approach may not be widely understood outside of the security team, especially if a big, bad, security incident has not taken place.

Cybersecurity Training and Positive Reinforcement

The Revamped PCI Security Standards Council Guidelines: Do They Shift Far Enough Left?

This year, the PCI Security Standards Council released an all-new set of software security guidelines as part of their PCI Software Security Framework. This update aims to bring software security best practice in-line with modern software development.

Malice in the metaverse: Fighting known cyber threats on a new frontier

The advent of the digital darling of the moment - the metaverse - adds a vast new attack surface for both code-level vulnerabilities and social engineering. And we’re simply not prepared for battle on this new playing field that thrives on smoke and mirrors.

Are your developers the first line of risk or defense? Rate your company against our Secure Coding Checklist

As CIOs aggressively build their enterprise agile capabilities, secure coding skills will be a weapon of innovation and not having them will be an instrument of destruction.

Huawei security UK problems demonstrate the need for secure coding

A recent report from the UK's Huawei Cyber Security Evaluation Centre identified major security issues within Huawei's software engineering processes. But it's a problem that can be fixed.

Securing APIs: Mission impossible?

API security is tough, but with adequate training, planning and a focus on best practices, even the most insidious vulnerabilities can be mitigated.

Static Vs. Dynamic Cybersecurity Training: Impulsive Compliance, Future Problems

While regulatory initiatives will undoubtedly improve and grow over time, if organizations are already hitting the panic button and leaping into training now, they might just find themselves ill-equipped for the future.

Why DevOps Implementation is Often Unsuccessful (and How You Can Fix It)

Few companies are truly successful in their DevOps implementation. However, the right support, nurturing and understanding across the business can transform your process.

GitHub Users Held to Ransom with Plaintext Pain

The recent attack on GitHub repositories highlights a well-known issue within the security industry: most developers are simply not sufficiently security-aware, and valuable data could be at risk at any time.

A Brighter Future For DevSecOps? It's Closer Than You Think

There are many solutions that find vulnerabilities in code, but security needs to place more emphasis on teaching developers to follow security guidelines that will prevent them from making these mistakes in the first place.

Lifting the veil on cyber vulnerabilities in Government supply chain pipelines

It’s obvious that cybersecurity is important, but what does it actually mean in the context of supply chains?

DevSecOps in DACH: Key findings from secure coding pilot programs

With the advent of GDPR, as well as a revised strategy following a multi-stage attack that exposed the sensitive data of many public figures - as well as servers in the German federal government - it is clear that cybersecurity awareness and action are front-of-mind for leaders in the DACH region.

More Breaches, More Problems: The Cost of Trust in Third-Party Apps

We must stop thinking of security as an irritating obstacle on the path of company innovation.

It takes a village: How community spirit creates more secure developers

There are developers of all types, from all walks of life, and there has always been a sense of community in everything we do.

How do developers define "secure coding"?

The perception of what constitutes the act of secure coding is up for debate. According to recent research in collaboration with Evans Data, this sentiment was revealed in black and white. The State of Developer-Driven Security 2022 survey delves into the key insights and experiences of 1200 active developers, illuminating their attitudes and challenges in the security realm.

Women in Security: Spotlight on Fatemah Beydoun

Our VP of Customer Success, Fatemah Beydoun, recently presented her talk, "Mentoring for the future: How we can all do better in fostering female cybersecurity talent" to a very receptive audience. She has been an integral part of driving positive change within the cybersecurity industry.

In-depth security training is raising questions in education

While secure coding needs to become a mandatory component of software engineering at the tertiary level, some universities are leading the charge in providing top-notch training and prioritizing security as part of the development process from the very beginning.p

How creative CISOs and CIOs can innovate and transform their security program

Creative, inspiring CISOs and CIOs have the power to innovate and shape our digital world, but they can also be instrumental in transforming an organizations security culture.

The Great Global Patch: VxWorks Flaws Set to Compromise Millions of Devices

While VxWorks isn't a household name to the average consumer, this software product benefits many people just like you and me, each and every day. And now, we are faced with the possibility that hundreds of millions of VxWorks-powered devices are now compromised.

Why gamification is the key to leveling up your software security

We must work to change the conversation, to make security an integral part of every developer's working life. And I think one of the best ways to do this is by empowering and engaging with developers on security through, for example, gamification.

Six Years of Secure Code Warrior: Are we grown up yet?

It’s that special time of the year (for us, anyway) where I reflect on our most recent lap around the sun, and what has been done in the previous 365 days to position us for a new year of growth, lessons, and inevitable unpredictability.

Secure Code Warrior and Bugcrowd: A Match Made in Security Geek Heaven

It's official: we are joining forces with Bugcrowd in the fight to educate, empower and enlighten developers on secure coding.

Developer Tournaments: AppSec's Secret Weapon to Improve Security Culture and Engagement

Don't you think it's time we gave security a makeover? It's as simple as changing the conversation and making everything a little more positive (not to mention fun!) for both sides, especially the development team.

Take a lesson from this mindreader and make security fun again!

It doesn't matter whether you are training the C-suite in cyber security or helping developers in JAVA or C# secure coding skills, there's a place for creativity, gamification and fun.

International Women in Engineering Day: Meet Our Stars

June 23rd is a special entry in the geek calendar, marking International Women in Engineering Day. This is our chance to cast light on the contribution of women to software development.

Empathy, Gratitude, and Staying Humble: The Foundation of Our Culture

The software security industry isn't exactly known for its warm and fuzzy feelings, whimsical observations and life commentary, but, perhaps as I get older, I find myself reflecting on the impact we can all have in the world.

A video game to improve the hiring process

For Cybersecurity Best Practice, Look to the Finance Industry

With cyberattacks on the rise - affecting every type of organisation in every vertical - the threat of expensive, embarrassing and bottom-line-affecting data breaches is very real. The problem is not getting smaller, it's growing like a tumour.

The future of cybersecurity: What WON'T be happening in the year to come

In our industry, many security experts have started predicting the hot-button issues for the year, but with more than five billion sensitive data records stolen in 2019, we figured it would be more accurate to predict what won't be happening in cybersecurity in the foreseeable future.

How to roll out effective developer security training: 5 important lessons

5 important lessons on how to roll out effective developer security training

Rethinking Software in the Organizational Hierarchy

By helping define the responsibilities of our apps and software within a tight hierarchy, and enforcing those policies with least privilege, we can make sure that our apps and software also survive and thrive despite the threat landscape arrayed against them.

Are we mature enough for the Open Source Software Security Mobilization Plan?

The Open Source Software Security Mobilization Plan represents a positive step for developer-driven security. However, we must all take stock and honestly assess if we're mature enough in our organization - and if our development teams have the right level of security awareness and skills - to implement the latest and greatest defensive strategies.

Best of the Brunch: Our Leaders in AppSec Share Their Wisdom

Addressing hot-button issues like how to make the most of an organization's AppSec budget, as well as several curly questions from the audience, the Leaders in AppSec panel delivered some real morning magic that will help security specialists build out viable programs within their organizations.

Happy 4th Birthday Secure Code Warrior, You Cheeky Little Toddler

The older my daughter and the company gets, the more I realise there are so many similarities between a startup journey and the ���first-time�۝ parent journey. I am in my fourth year for both now.pi

The million dollar question every developer should be asking their prospective employers

There's a question that needs to be asked by every developer, whether you are a graduate or a veteran. And the answer matters.

Cybersecurity industry analysis: Another recurring vulnerability we must correct

We’re not getting realistic advice, nor the fastest solutions, to combat the non-stop onslaught that is modern cybersecurity. Of course, each breach is different in its own way, and there are numerous attack vectors that can be exploited in vulnerable software. Feasible generic advice will be limited, but the best practice approach is looking more flawed by the hour.

COBOL Application Development Security | Secure Code Warrior

Legacy COBOL, although an older computer language, is still effective to this day. Learn more about COBOL secure application development from Secure Code Warrior.

Leaky APIs threaten to wash company reputations out to sea

API security is an issue that isn’t far from the minds of most security experts, and it’s something we need to equip ourselves with the knowledge to fight.

PCI-DSS 4.0 will be here sooner than you think, and it’s an opportunity to elevate your organization’s cyber resilience

Earlier this year, the PCI Security Standards Council revealed version 4.0 of their Payment Card Industry Data Security Standard (PCI DSS). While organizations won’t need to be fully compliant with 4.0 until March 2025, this update is their most transformative to date, and will require most businesses to assess (and likely upgrade) complex security processes, and elements of their tech stack. This is in addition to implementing role-based security awareness training and regular secure coding education for developers.

Pieter Danhieux, CEO and Co-Founder, Secure Code Warrior: “everyone should understand and embrace the role they play in cybersecurity”

CyberNews Q&A with Pieter Danhieux, CEO & Co-Founder, Secure Code Warrior.

Proactive protection: Leveraging the National Cybersecurity Strategy for advanced threat prevention

CISA's National Cybersecurity Strategy represents the best chance we have at raising software standards across the board and, finally, ushering in a new era of security-skilled developers.

LLMs: An (im)perfectly human approach to secure coding?

While it is looking inevitable that LLM-style AI technology will change the way we approach many aspects of work - not just software development - we must take a step back and consider the risks beyond the headlines. And as a coding companion, its flaws are perhaps its most “human” attribute.

Raising the bar for secure coding: Infusing agile learning into future-ready enterprises

We announced the closing of our Series-C funding round, having raised USD $50 million towards the next phase of our mission: helping more pioneering organizations harness the power of their development cohort in thwarting common vulnerabilities. 

Revealed: An exciting partnership to elevate agile learning and developer-driven security in the enterprise

Fresh off the back of our Series C funding announcement, I am thrilled to announce another step in our company’s journey. Security industry leader, Synopsys, has welcomed an exciting new addition to its product suite: Synopsys Developer Security Training, powered by Secure Code Warrior.

Is Your Security Program Ready for CISA's Cybersecurity Strategic Plan?

The Cybersecurity Strategic Plan pushes major changes to the way most organizations approach cybersecurity, and developers are in a unique position to help achieve those new goals.

The Power of Nine: Growing Secure Code Warrior’s legacy in an exciting time for cybersecurity

Today is our ninth birthday, and I remain immensely proud and grateful for our achievements and enduring place in cybersecurity land as the scene continues to change rapidly.

The XZ Utils backdoor in Linux points to a wider supply chain security issue, and we need more than community spirit to keep it at bay

A critical vulnerability, CVE-2024-3094, was discovered in the XZ Utils data compression library used by major Linux distributions, introduced through a backdoor by a threat actor. This high-severity issue allows for potential remote code execution, posing significant risks to software build processes. The flaw affects early versions (5.6.0 and 5.6.1) of XZ Utils in Fedora Rawhide, with an urgent call for organizations to implement patches. The incident underscores the critical role of community volunteers in maintaining open-source software and highlights the need for enhanced security practices and access control within the software development lifecycle.

Women in Security are Winning: How the AWSN is Setting Up a New Generation of Security Superwomen

Secure-by-Design is the latest initiative on everyone’s lips, and the Australian government, collaborating with CISA at the highest levels of global governance, is guiding a higher standard of software quality and security from vendors.