Many of the techniques for secure coding have been left out of courses for software developers. Without proper knowledge of how to build secure software, programmers run the risk of jeopardizing development projects.
Whatever the programmer's experience, all developers must focus on the security risks introduced during the development process and apply security principles specific to the programming languages, operating systems and technology they use.
It is less expensive and less disruptive to discover design-level vulnerabilities during the design, rather than discovering them during implementation or testing, forcing a costly redesign of pieces of the application.
Proper training on how to capture security requirements along with the more familiar functional requirements goes a long way in helping a team deliver an application with security that is "good enough." When the application's design is under development, threat modeling and the integration of necessary security countermeasures prove vital to the secure development lifecycle. Developers need instruction on how to exercise the countermeasures during the development test phase to verify the application does not make private information vulnerable to potential attackers.
Although security is not always a priority during the application development lifecycle, a training program for a development team on how to integrate security into the lifecycle can avoid costly headaches in the future.
