Issue No.05 - September/October (2006 vol.4)
Kenneth R. van Wyk , KRvW Associates
John Steven , Cigital
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2006.119
As organizations flesh out their enterprise software security framework (ESSF), they quickly spot an overwhelming gap between their current state of practice and their eventual goals for building secure applications. To address this gap, the application security group must bring ESSF plans to other parts of the organization: corporate, engineering, business, training, and IT groups, to name a few. Such socialization helps organizational participants understand their role in framework adoption and roll out, and it should cover what tools people will need, how they'll interact with each other, and what levels of effort they can expect to put forth.
software development life cycle, security training, awareness training, education, socialization
Kenneth R. van Wyk, John Steven, "Essential Factors for Successful Software Security Awareness Training", IEEE Security & Privacy, vol.4, no. 5, pp. 80-83, September/October 2006, doi:10.1109/MSP.2006.119