It is essential that all developers are aware of secure coding best practices and refresh this knowledge periodically.

Why

  • It reduces the chances of security issues being introduced into Bramble.
  • Some developers want to learn secure coding as a part of their ongoing learning.
  • It may help to make customers and auditors more comfortable with the security of our product.

Background

What challenges does this address?

  • We do not track who has taken the training to gauge our security risk.
  • We do not encourage developers to do the training if they have not previously taken the course.
  • We do not have a plan to motivate Bramble Team Members to refresh their knowledge of secure coding periodically.

Considerations

  • We want to encourage Bramble Team Members to take this training and periodically refresh their knowledge of it because they believe it is relevant to them and the company. We do not want to force it on them.
  • We want to track how many Bramble Team Members have taken the training / refreshed their knowledge on it to encourage full participation; however, we do not want to make it feel punitive to them if they have not yet done so.
  • We want to avoid burdening engineers with the tracking of these activities.

References