It has been two years since the United States government’s Cybersecurity & Infrastructure Security Agency (CISA) released its comprehensive Secure by Design guidelines, signaling a watershed moment affecting software manufacturers. For the first time, there was visible, top-level support for raising the standards of software quality and security, with a push towards vendor—as opposed to end-user—accountability for ensuring code shipped free from vulnerabilities.

However, consensus on the real-world implementation of these principles at the enterprise level has proved elusive. Among security professionals, there does not appear to be a consensus on what constitutes Secure by Design, much less a standard pathway being followed to achieve it. Secure Code Warrior interviewed enterprise security professionals focusing on building software, diving deep into their current approaches to Secure by Design principles, including how it is being implemented into their current security posture and Software Development Life Cycle (SDLC). It became apparent that there was no widely accepted standard for implementing CISA’s guidance, nor were there active benchmarks to determine successful rollout. This must be corrected rapidly if we, as an industry, are to reap the benefits of heightened security accountability and software quality. 

‍

In this research paper, Secure Code Warrior co-founders, Pieter Danhieux and Dr. Matias Madou, Ph.D., along with expert contributors, Chris Inglis, Former US National Cyber Director (now Strategic Advisor to Paladin Capital Group), and Devin Lynch, Senior Director, Paladin Global Institute, will reveal key findings from over twenty in-depth interviews with enterprise security leaders including CISOs, a VP of Application Security, and software security professionals, including:

‍

• Insights into common security program challenges faced in the enterprise;
• The role of Secure by Design initiatives, including how these are activated and distributed among teams;
• The role of AI in software development, and modern threat modeling;
• Interpretations of best practices, and the role precision data and benchmarking can play in industry-wide alignment with a viable Secure by Design strategy. 

‍

Expert support that makes secure coding stick

SCW Professional Services brings deep domain knowledge to every stage of your program. Our team of former security practitioners uses a risk-based approach to accelerate success.

• Rely on battle-tested expertise - no guesswork, just real-world insight
• Apply a risk-based methodology to developer risk reduction
• Customize rollout and training to your teams, tools, and culture
• Evolve your program with ongoing reviews and ROI tracking

Whether you're just getting started or taking your program to the next level, we’re here to help you succeed faster and with lasting impact.

‍

Our content is carefully curated for any persona that is part of the software development life-cycle. Secure Code Warrior believes that everyone in software development has a responsibility to ensure that software is created and deployed correctly. We therefore offer a range of content from awareness topics to in-depth, hands-on practice for the following roles:

Secure Code Warrior provides a range of content, from awareness topics to in-depth, hands-on practice, for all personas involved in the software development life-cycle. We believe that everyone in software development plays a role in the secure creation and deployment of software. Our content is curated for a variety of roles.

• Software Developers: AI/Vibe Coders, Frontend, Backend, API Engineers, Mobile Engineers, Android/iOS Engineers, Embedded and Automotive Industry Engineers
• Technical Professionals: DevOps, System Administrators, Cloud Engineers, Architects, QA Engineers/Managers/Testers,,
• Management and others: Engineering Managers, Product Managers/Project Managers/Business Analysts,Data Scientists/Analysts/Engineers 

Secure Code Warrior provides hands-on, practical exercises in specific coding languages and frameworks so developers can apply these skills to their daily work. We support more than 65+ coding languages/frameworks and 10.000 hands-on activities.

Quests is a learning platform that helps developers mitigate software security risks by enhancing their secure coding skills. With curated learning paths, hands-on challenges, and interactive activities, it empowers developers to identify and prevent vulnerabilities.

OpenText Fortify and Secure Code Warrior have partnered to enhance application security by empowering developers to become security champions. The integration enables targeted vulnerability education, faster remediation, and hands-on training to upskill developers in writing secure code from the start.

This collaboration reduces security risks, minimizes costs, and streamlines compliance by embedding security into the software development lifecycle, helping companies build customer trust and ship high-quality code faster.

Read more about the partnership in our One Pager.