Migrating to a Logger with Sensei
Migrating to a Logger with Sensei
This post describes creating a recipe to migrate from System.out.println to using a Java Logger.
When I'm hacking out code, rather than using TDD, and I make mistakes, I have the bad habit of printing a line to System.out, and I've wanted to wean myself off that habit.
I made a bunch of mistakes when writing the code below :
private String getCountdownString() {
String output = "";
String prefix="";
for(int countdown = 10; countdown > 0; countdown-- ){
output = output + prefix + countdown;
System.out.println(output);
prefix=", ";
}
System.out.println(output);
return output;
}
Initially, I wrote countdown++ and the loop didn't finish.
And I used countdown > 1 so didn't get the output I wanted.
In the end, I littered my code with System.out.println to help me debug. And the experience reinforced that I need to learn how to use a logger as my default approach.
Research
Fortunately, I read through the Sensei documentation and decided to use the "Getting Started" guide to help me create a recipe to convert from System.out.println and encourage me to use a logger:
- java.util.logging.Logger
Creating a Recipe
The first thing I do is click on the println then alt+enter to create a new recipe.
I create it with the following details:
Name: Logger: use logger instead of println
Description: use logger instead of println - remember to stop using System.out.println
Level: Error
And I'll start by matching methodcall with the name println
search:
methodcall:
name: "println"
And the preview shows me all the matches in my code.
I can see that all the matches in my code are for System.out.println but I don't trust that long term this will be the only match. I want to match a more qualified statement I want to change.
I expand the matcher to search for a methodcall on a field named out in the class System.
search:
methodcall:
name: "println"
"on":
field:
in:
class:
name: "System"
name: "out"
I could, if I wanted, fully qualify the System name to java.lang.System
Amending the Code to log
Next, I want to create the QuickFix.
First I want to amend the line of code that logs the output:
availableFixes:
- name: "use Logger"
actions:
- rewrite:
to: "logger.log(Level.INFO, {{{ arguments.0 }}})"
I don't have to remember the mustache template format. I used the Show Variables in the GUI to show me the argument and double-clicked on it. Then the GUI filled in the appropriate matching mustache template.
When I try it out, I can see that I still have to alt+enter to import the Level enum. But if I amend my QuickFix to have a fully qualified item then Sensei will add the import for me e.g.
- It will replace System.out.println(output); with
logger.log(Level.INFO, output);
- And add an import for the enum:
import java.util.logging.Level;
- If I rewrite to:
logger.log(java.util.logging.Level.INFO, {{{ arguments.0 }}})
And this will work, but I will still have to remember the syntax to instantiate the logger in the first place.
Amending the code to add the logger field
I can amend my QuickFix to create the field for me as well.
I will code the logger first, and then add that to my recipe so I never have to code it again.
Logger logger2 = Logger.getLogger(SysOutTest.class.getName());
I tend to write the example code I want to see generated first because then I can use IntelliJ code completion and syntax checking to make sure I get it right. As a side-effect, it will then be in the code preview when I edit the recipe to add the QuickFix lines that will create that code.
And when I write the example code, I want to use a different field name (here I'm using logger2) because Sensei is clever enough not to add a duplicate field, so I have to fool it by using a different name.
So I'll amend the recipe to create this code by adding a field called logger.
availableFixes:
- name: "use Logger"
actions:
- rewrite:
to: "logger.log(java.util.logging.Level.INFO, {{{ arguments.0 }}})"
- addField:
field: "java.util.logging.Logger logger = Logger.getLogger({{{ containingClass.name\
\ }}}.class.getName())"
target: "parentClass"
Note that I changed SysOutTest to be a mustache variable so that it picks up the name of any class I use this recipe in. And again, I didn't remember the mustache syntax, I used the GUI Show Variables to find the replacement I needed.
By fully qualifying the Logger to java.util.logging.Logger, Sensei will add the import and write the line of code that I want i.e.
Logger logger = Logger.getLogger(SysOutTest.class.getName());
One useful thing about this recipe is that because it will only add the logger field once, I can use this on any existing code where I have used `System.out.println` and use Sensei to change all the occurrences in my code file at the same time.
Next Steps
Once I get used to this, I'll eventually train myself away from using System.out.println.
I can use Sensei to help me proactively write code by creating a second recipe which helps me create a logger.
e.g. I can match on a class, where there is no field called logger, and add one.
If I create a recipe of level Information
Name: Logger: add logger
Description: Add logger to class
To match on a class without a logger field:
search:
class:
without:
child:
field:
name: "logger"
And then I will reuse part of the QuickFix we saw earlier:
availableFixes:
- name: "Add Logger"
actions:
- addField:
field: "java.util.logging.Logger logger = Logger.getLogger({{{ containingClass.name\
\ }}}.class.getName())"
target: "self"
Note the difference in target here compared to the first QuickFix. This uses self because our Search matched the class. The first QuickFix uses parentClass because we matched code within the class itself.
Summary
This represents one of the key flows associated with using Sensei to help improve your personal programming skillset:
- create a recipe to help with your immediate 'best practice'
- once you know how to use that best practice... create a recipe to make your workflow faster
---
You can install Sensei from within IntelliJ using "Preferences \ Plugins" (Mac) or "Settings \ Plugins" (Windows) then just search for "sensei secure code".
The source code and recipes for this can be found in the `sensei-blog-examples` repository in the Secure Code Warrior GitHub account, in the `pojoexamples` module.
A quick example of creating a recipe to migrate from System.out.println to using a Java Logger.
Alan Richardson has more than twenty years of professional IT experience, working as a developer and at every level of the testing hierarchy from Tester through to Head of Testing. Head of Developer Relations at Secure Code Warrior, he works directly with teams, to improve the development of quality secure code. Alan is the author of four books including “Dear Evil Tester”, and “Java For Testers”. Alan has also created online training courses to help people learn Technical Web Testing and Selenium WebDriver with Java. Alan posts his writing and training videos on SeleniumSimplified.com, EvilTester.com, JavaForTesters.com, and CompendiumDev.co.uk.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
Book a demoAlan Richardson has more than twenty years of professional IT experience, working as a developer and at every level of the testing hierarchy from Tester through to Head of Testing. Head of Developer Relations at Secure Code Warrior, he works directly with teams, to improve the development of quality secure code. Alan is the author of four books including “Dear Evil Tester”, and “Java For Testers”. Alan has also created online training courses to help people learn Technical Web Testing and Selenium WebDriver with Java. Alan posts his writing and training videos on SeleniumSimplified.com, EvilTester.com, JavaForTesters.com, and CompendiumDev.co.uk.
Migrating to a Logger with Sensei
This post describes creating a recipe to migrate from System.out.println to using a Java Logger.
When I'm hacking out code, rather than using TDD, and I make mistakes, I have the bad habit of printing a line to System.out, and I've wanted to wean myself off that habit.
I made a bunch of mistakes when writing the code below :
private String getCountdownString() {
String output = "";
String prefix="";
for(int countdown = 10; countdown > 0; countdown-- ){
output = output + prefix + countdown;
System.out.println(output);
prefix=", ";
}
System.out.println(output);
return output;
}
Initially, I wrote countdown++ and the loop didn't finish.
And I used countdown > 1 so didn't get the output I wanted.
In the end, I littered my code with System.out.println to help me debug. And the experience reinforced that I need to learn how to use a logger as my default approach.
Research
Fortunately, I read through the Sensei documentation and decided to use the "Getting Started" guide to help me create a recipe to convert from System.out.println and encourage me to use a logger:
- java.util.logging.Logger
Creating a Recipe
The first thing I do is click on the println then alt+enter to create a new recipe.
I create it with the following details:
Name: Logger: use logger instead of println
Description: use logger instead of println - remember to stop using System.out.println
Level: Error
And I'll start by matching methodcall with the name println
search:
methodcall:
name: "println"
And the preview shows me all the matches in my code.
I can see that all the matches in my code are for System.out.println but I don't trust that long term this will be the only match. I want to match a more qualified statement I want to change.
I expand the matcher to search for a methodcall on a field named out in the class System.
search:
methodcall:
name: "println"
"on":
field:
in:
class:
name: "System"
name: "out"
I could, if I wanted, fully qualify the System name to java.lang.System
Amending the Code to log
Next, I want to create the QuickFix.
First I want to amend the line of code that logs the output:
availableFixes:
- name: "use Logger"
actions:
- rewrite:
to: "logger.log(Level.INFO, {{{ arguments.0 }}})"
I don't have to remember the mustache template format. I used the Show Variables in the GUI to show me the argument and double-clicked on it. Then the GUI filled in the appropriate matching mustache template.
When I try it out, I can see that I still have to alt+enter to import the Level enum. But if I amend my QuickFix to have a fully qualified item then Sensei will add the import for me e.g.
- It will replace System.out.println(output); with
logger.log(Level.INFO, output);
- And add an import for the enum:
import java.util.logging.Level;
- If I rewrite to:
logger.log(java.util.logging.Level.INFO, {{{ arguments.0 }}})
And this will work, but I will still have to remember the syntax to instantiate the logger in the first place.
Amending the code to add the logger field
I can amend my QuickFix to create the field for me as well.
I will code the logger first, and then add that to my recipe so I never have to code it again.
Logger logger2 = Logger.getLogger(SysOutTest.class.getName());
I tend to write the example code I want to see generated first because then I can use IntelliJ code completion and syntax checking to make sure I get it right. As a side-effect, it will then be in the code preview when I edit the recipe to add the QuickFix lines that will create that code.
And when I write the example code, I want to use a different field name (here I'm using logger2) because Sensei is clever enough not to add a duplicate field, so I have to fool it by using a different name.
So I'll amend the recipe to create this code by adding a field called logger.
availableFixes:
- name: "use Logger"
actions:
- rewrite:
to: "logger.log(java.util.logging.Level.INFO, {{{ arguments.0 }}})"
- addField:
field: "java.util.logging.Logger logger = Logger.getLogger({{{ containingClass.name\
\ }}}.class.getName())"
target: "parentClass"
Note that I changed SysOutTest to be a mustache variable so that it picks up the name of any class I use this recipe in. And again, I didn't remember the mustache syntax, I used the GUI Show Variables to find the replacement I needed.
By fully qualifying the Logger to java.util.logging.Logger, Sensei will add the import and write the line of code that I want i.e.
Logger logger = Logger.getLogger(SysOutTest.class.getName());
One useful thing about this recipe is that because it will only add the logger field once, I can use this on any existing code where I have used `System.out.println` and use Sensei to change all the occurrences in my code file at the same time.
Next Steps
Once I get used to this, I'll eventually train myself away from using System.out.println.
I can use Sensei to help me proactively write code by creating a second recipe which helps me create a logger.
e.g. I can match on a class, where there is no field called logger, and add one.
If I create a recipe of level Information
Name: Logger: add logger
Description: Add logger to class
To match on a class without a logger field:
search:
class:
without:
child:
field:
name: "logger"
And then I will reuse part of the QuickFix we saw earlier:
availableFixes:
- name: "Add Logger"
actions:
- addField:
field: "java.util.logging.Logger logger = Logger.getLogger({{{ containingClass.name\
\ }}}.class.getName())"
target: "self"
Note the difference in target here compared to the first QuickFix. This uses self because our Search matched the class. The first QuickFix uses parentClass because we matched code within the class itself.
Summary
This represents one of the key flows associated with using Sensei to help improve your personal programming skillset:
- create a recipe to help with your immediate 'best practice'
- once you know how to use that best practice... create a recipe to make your workflow faster
---
You can install Sensei from within IntelliJ using "Preferences \ Plugins" (Mac) or "Settings \ Plugins" (Windows) then just search for "sensei secure code".
The source code and recipes for this can be found in the `sensei-blog-examples` repository in the Secure Code Warrior GitHub account, in the `pojoexamples` module.
Migrating to a Logger with Sensei
This post describes creating a recipe to migrate from System.out.println to using a Java Logger.
When I'm hacking out code, rather than using TDD, and I make mistakes, I have the bad habit of printing a line to System.out, and I've wanted to wean myself off that habit.
I made a bunch of mistakes when writing the code below :
private String getCountdownString() {
String output = "";
String prefix="";
for(int countdown = 10; countdown > 0; countdown-- ){
output = output + prefix + countdown;
System.out.println(output);
prefix=", ";
}
System.out.println(output);
return output;
}
Initially, I wrote countdown++ and the loop didn't finish.
And I used countdown > 1 so didn't get the output I wanted.
In the end, I littered my code with System.out.println to help me debug. And the experience reinforced that I need to learn how to use a logger as my default approach.
Research
Fortunately, I read through the Sensei documentation and decided to use the "Getting Started" guide to help me create a recipe to convert from System.out.println and encourage me to use a logger:
- java.util.logging.Logger
Creating a Recipe
The first thing I do is click on the println then alt+enter to create a new recipe.
I create it with the following details:
Name: Logger: use logger instead of println
Description: use logger instead of println - remember to stop using System.out.println
Level: Error
And I'll start by matching methodcall with the name println
search:
methodcall:
name: "println"
And the preview shows me all the matches in my code.
I can see that all the matches in my code are for System.out.println but I don't trust that long term this will be the only match. I want to match a more qualified statement I want to change.
I expand the matcher to search for a methodcall on a field named out in the class System.
search:
methodcall:
name: "println"
"on":
field:
in:
class:
name: "System"
name: "out"
I could, if I wanted, fully qualify the System name to java.lang.System
Amending the Code to log
Next, I want to create the QuickFix.
First I want to amend the line of code that logs the output:
availableFixes:
- name: "use Logger"
actions:
- rewrite:
to: "logger.log(Level.INFO, {{{ arguments.0 }}})"
I don't have to remember the mustache template format. I used the Show Variables in the GUI to show me the argument and double-clicked on it. Then the GUI filled in the appropriate matching mustache template.
When I try it out, I can see that I still have to alt+enter to import the Level enum. But if I amend my QuickFix to have a fully qualified item then Sensei will add the import for me e.g.
- It will replace System.out.println(output); with
logger.log(Level.INFO, output);
- And add an import for the enum:
import java.util.logging.Level;
- If I rewrite to:
logger.log(java.util.logging.Level.INFO, {{{ arguments.0 }}})
And this will work, but I will still have to remember the syntax to instantiate the logger in the first place.
Amending the code to add the logger field
I can amend my QuickFix to create the field for me as well.
I will code the logger first, and then add that to my recipe so I never have to code it again.
Logger logger2 = Logger.getLogger(SysOutTest.class.getName());
I tend to write the example code I want to see generated first because then I can use IntelliJ code completion and syntax checking to make sure I get it right. As a side-effect, it will then be in the code preview when I edit the recipe to add the QuickFix lines that will create that code.
And when I write the example code, I want to use a different field name (here I'm using logger2) because Sensei is clever enough not to add a duplicate field, so I have to fool it by using a different name.
So I'll amend the recipe to create this code by adding a field called logger.
availableFixes:
- name: "use Logger"
actions:
- rewrite:
to: "logger.log(java.util.logging.Level.INFO, {{{ arguments.0 }}})"
- addField:
field: "java.util.logging.Logger logger = Logger.getLogger({{{ containingClass.name\
\ }}}.class.getName())"
target: "parentClass"
Note that I changed SysOutTest to be a mustache variable so that it picks up the name of any class I use this recipe in. And again, I didn't remember the mustache syntax, I used the GUI Show Variables to find the replacement I needed.
By fully qualifying the Logger to java.util.logging.Logger, Sensei will add the import and write the line of code that I want i.e.
Logger logger = Logger.getLogger(SysOutTest.class.getName());
One useful thing about this recipe is that because it will only add the logger field once, I can use this on any existing code where I have used `System.out.println` and use Sensei to change all the occurrences in my code file at the same time.
Next Steps
Once I get used to this, I'll eventually train myself away from using System.out.println.
I can use Sensei to help me proactively write code by creating a second recipe which helps me create a logger.
e.g. I can match on a class, where there is no field called logger, and add one.
If I create a recipe of level Information
Name: Logger: add logger
Description: Add logger to class
To match on a class without a logger field:
search:
class:
without:
child:
field:
name: "logger"
And then I will reuse part of the QuickFix we saw earlier:
availableFixes:
- name: "Add Logger"
actions:
- addField:
field: "java.util.logging.Logger logger = Logger.getLogger({{{ containingClass.name\
\ }}}.class.getName())"
target: "self"
Note the difference in target here compared to the first QuickFix. This uses self because our Search matched the class. The first QuickFix uses parentClass because we matched code within the class itself.
Summary
This represents one of the key flows associated with using Sensei to help improve your personal programming skillset:
- create a recipe to help with your immediate 'best practice'
- once you know how to use that best practice... create a recipe to make your workflow faster
---
You can install Sensei from within IntelliJ using "Preferences \ Plugins" (Mac) or "Settings \ Plugins" (Windows) then just search for "sensei secure code".
The source code and recipes for this can be found in the `sensei-blog-examples` repository in the Secure Code Warrior GitHub account, in the `pojoexamples` module.
Click on the link below and download the PDF of this resource.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
View reportBook a demoAlan Richardson has more than twenty years of professional IT experience, working as a developer and at every level of the testing hierarchy from Tester through to Head of Testing. Head of Developer Relations at Secure Code Warrior, he works directly with teams, to improve the development of quality secure code. Alan is the author of four books including “Dear Evil Tester”, and “Java For Testers”. Alan has also created online training courses to help people learn Technical Web Testing and Selenium WebDriver with Java. Alan posts his writing and training videos on SeleniumSimplified.com, EvilTester.com, JavaForTesters.com, and CompendiumDev.co.uk.
Migrating to a Logger with Sensei
This post describes creating a recipe to migrate from System.out.println to using a Java Logger.
When I'm hacking out code, rather than using TDD, and I make mistakes, I have the bad habit of printing a line to System.out, and I've wanted to wean myself off that habit.
I made a bunch of mistakes when writing the code below :
private String getCountdownString() {
String output = "";
String prefix="";
for(int countdown = 10; countdown > 0; countdown-- ){
output = output + prefix + countdown;
System.out.println(output);
prefix=", ";
}
System.out.println(output);
return output;
}
Initially, I wrote countdown++ and the loop didn't finish.
And I used countdown > 1 so didn't get the output I wanted.
In the end, I littered my code with System.out.println to help me debug. And the experience reinforced that I need to learn how to use a logger as my default approach.
Research
Fortunately, I read through the Sensei documentation and decided to use the "Getting Started" guide to help me create a recipe to convert from System.out.println and encourage me to use a logger:
- java.util.logging.Logger
Creating a Recipe
The first thing I do is click on the println then alt+enter to create a new recipe.
I create it with the following details:
Name: Logger: use logger instead of println
Description: use logger instead of println - remember to stop using System.out.println
Level: Error
And I'll start by matching methodcall with the name println
search:
methodcall:
name: "println"
And the preview shows me all the matches in my code.
I can see that all the matches in my code are for System.out.println but I don't trust that long term this will be the only match. I want to match a more qualified statement I want to change.
I expand the matcher to search for a methodcall on a field named out in the class System.
search:
methodcall:
name: "println"
"on":
field:
in:
class:
name: "System"
name: "out"
I could, if I wanted, fully qualify the System name to java.lang.System
Amending the Code to log
Next, I want to create the QuickFix.
First I want to amend the line of code that logs the output:
availableFixes:
- name: "use Logger"
actions:
- rewrite:
to: "logger.log(Level.INFO, {{{ arguments.0 }}})"
I don't have to remember the mustache template format. I used the Show Variables in the GUI to show me the argument and double-clicked on it. Then the GUI filled in the appropriate matching mustache template.
When I try it out, I can see that I still have to alt+enter to import the Level enum. But if I amend my QuickFix to have a fully qualified item then Sensei will add the import for me e.g.
- It will replace System.out.println(output); with
logger.log(Level.INFO, output);
- And add an import for the enum:
import java.util.logging.Level;
- If I rewrite to:
logger.log(java.util.logging.Level.INFO, {{{ arguments.0 }}})
And this will work, but I will still have to remember the syntax to instantiate the logger in the first place.
Amending the code to add the logger field
I can amend my QuickFix to create the field for me as well.
I will code the logger first, and then add that to my recipe so I never have to code it again.
Logger logger2 = Logger.getLogger(SysOutTest.class.getName());
I tend to write the example code I want to see generated first because then I can use IntelliJ code completion and syntax checking to make sure I get it right. As a side-effect, it will then be in the code preview when I edit the recipe to add the QuickFix lines that will create that code.
And when I write the example code, I want to use a different field name (here I'm using logger2) because Sensei is clever enough not to add a duplicate field, so I have to fool it by using a different name.
So I'll amend the recipe to create this code by adding a field called logger.
availableFixes:
- name: "use Logger"
actions:
- rewrite:
to: "logger.log(java.util.logging.Level.INFO, {{{ arguments.0 }}})"
- addField:
field: "java.util.logging.Logger logger = Logger.getLogger({{{ containingClass.name\
\ }}}.class.getName())"
target: "parentClass"
Note that I changed SysOutTest to be a mustache variable so that it picks up the name of any class I use this recipe in. And again, I didn't remember the mustache syntax, I used the GUI Show Variables to find the replacement I needed.
By fully qualifying the Logger to java.util.logging.Logger, Sensei will add the import and write the line of code that I want i.e.
Logger logger = Logger.getLogger(SysOutTest.class.getName());
One useful thing about this recipe is that because it will only add the logger field once, I can use this on any existing code where I have used `System.out.println` and use Sensei to change all the occurrences in my code file at the same time.
Next Steps
Once I get used to this, I'll eventually train myself away from using System.out.println.
I can use Sensei to help me proactively write code by creating a second recipe which helps me create a logger.
e.g. I can match on a class, where there is no field called logger, and add one.
If I create a recipe of level Information
Name: Logger: add logger
Description: Add logger to class
To match on a class without a logger field:
search:
class:
without:
child:
field:
name: "logger"
And then I will reuse part of the QuickFix we saw earlier:
availableFixes:
- name: "Add Logger"
actions:
- addField:
field: "java.util.logging.Logger logger = Logger.getLogger({{{ containingClass.name\
\ }}}.class.getName())"
target: "self"
Note the difference in target here compared to the first QuickFix. This uses self because our Search matched the class. The first QuickFix uses parentClass because we matched code within the class itself.
Summary
This represents one of the key flows associated with using Sensei to help improve your personal programming skillset:
- create a recipe to help with your immediate 'best practice'
- once you know how to use that best practice... create a recipe to make your workflow faster
---
You can install Sensei from within IntelliJ using "Preferences \ Plugins" (Mac) or "Settings \ Plugins" (Windows) then just search for "sensei secure code".
The source code and recipes for this can be found in the `sensei-blog-examples` repository in the Secure Code Warrior GitHub account, in the `pojoexamples` module.
Table of contents
Alan Richardson has more than twenty years of professional IT experience, working as a developer and at every level of the testing hierarchy from Tester through to Head of Testing. Head of Developer Relations at Secure Code Warrior, he works directly with teams, to improve the development of quality secure code. Alan is the author of four books including “Dear Evil Tester”, and “Java For Testers”. Alan has also created online training courses to help people learn Technical Web Testing and Selenium WebDriver with Java. Alan posts his writing and training videos on SeleniumSimplified.com, EvilTester.com, JavaForTesters.com, and CompendiumDev.co.uk.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
Book a demoDownloadResources to get you started
Benchmarking Security Skills: Streamlining Secure-by-Design in the Enterprise
The Secure-by-Design movement is the future of secure software development. Learn about the key elements companies need to keep in mind when they think about a Secure-by-Design initiative.
DigitalOcean Decreases Security Debt with Secure Code Warrior
DigitalOcean's use of Secure Code Warrior training has significantly reduced security debt, allowing teams to focus more on innovation and productivity. The improved security has strengthened their product quality and competitive edge. Looking ahead, the SCW Trust Score will help them further enhance security practices and continue driving innovation.
Resources to get you started
Trust Score Reveals the Value of Secure-by-Design Upskilling Initiatives
Our research has shown that secure code training works. Trust Score, using an algorithm drawing on more than 20 million learning data points from work by more than 250,000 learners at over 600 organizations, reveals its effectiveness in driving down vulnerabilities and how to make the initiative even more effective.
Reactive Versus Preventive Security: Prevention Is a Better Cure
The idea of bringing preventive security to legacy code and systems at the same time as newer applications can seem daunting, but a Secure-by-Design approach, enforced by upskilling developers, can apply security best practices to those systems. It’s the best chance many organizations have of improving their security postures.
The Benefits of Benchmarking Security Skills for Developers
The growing focus on secure code and Secure-by-Design principles requires developers to be trained in cybersecurity from the start of the SDLC, with tools like Secure Code Warrior’s Trust Score helping measure and improve their progress.
Driving Meaningful Success for Enterprise Secure-by-Design Initiatives
Our latest research paper, Benchmarking Security Skills: Streamlining Secure-by-Design in the Enterprise is the result of deep analysis of real Secure-by-Design initiatives at the enterprise level, and deriving best practice approaches based on data-driven findings.