Creating Security Conscious Developers
I recently completed preparing a presentation for the Forrester Digital Business Forum in Chicago this fall. The session I’m delivering is on delivering mobile app quality, and through my research, I’ve learned that security is an important part of app quality. My colleagues Michael Facemire and Tyler Shields recently published a report on The Future Of Mobile Security Development, and that, plus some experiences I had working with a development team in a previous position, started me thinking about what it takes to make a developer who understands how to code apps securely. The report I listed above covers the security topic well and makes some recommendations on how the security aspect of app development is likely to change, but beyond security capabilities and tools, how do you ‘create’ the type of developer who understands exactly what to do to build security into their apps?
I know trial and error works, but that’s expensive. Tools exist that can validate security aspects of an application, even tools that enforce security on apps, especially mobile apps, but those are last-mile solutions – what do you do to help developers implement solid security into their apps in advance of those tools? If you have insights into this topic, can you reach out to me and let me know? I think this would be an interesting report to write.