Issue No. 05 - September/October (2006 vol. 4)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2006.119
John Steven , Cigital
Kenneth R. van Wyk , KRvW Associates
As organizations flesh out their enterprise software security framework (ESSF), they quickly spot an overwhelming gap between their current state of practice and their eventual goals for building secure applications. To address this gap, the application security group must bring ESSF plans to other parts of the organization: corporate, engineering, business, training, and IT groups, to name a few. Such socialization helps organizational participants understand their role in framework adoption and roll out, and it should cover what tools people will need, how they'll interact with each other, and what levels of effort they can expect to put forth.
software development life cycle, security training, awareness training, education, socialization
John Steven, Kenneth R. van Wyk, "Essential Factors for Successful Software Security Awareness Training", IEEE Security & Privacy, vol. 4, no. , pp. 80-83, September/October 2006, doi:10.1109/MSP.2006.119