Built-in security education
Checkmarx is one of several vendors looking to address that very issue.
“We take source code, and do the analysis on 10 or 100 lines of code, allowing the developers to see the vulnerabilities at a very early stage,” said Amit Ashbel, director of product marketing at Checkmarx. “And then we take them to a brief, five to 10 minute session on how to fix the code. We show them how to hack the code, and they can try it in real time. Then they understand what that vulnerability could have exposed to their code to.”
As a result, the learning is delivered exactly when the developers need it most, he said.
“They don’t have to move away from their desk, they don’t have to spend too much time sitting in a room and listening to lectures,” he said. “I think this is the way to do secure coding education.”