In episode 11 of E.B. Spoke, Danielle Scheufler and Erik Boemanns discuss the importance of habit formation in the context of writing secure software. They explore how much of software security depends on human behaviors rather than just automation and tooling. Referencing 'Atomic Habits' by James Clear, they address the value of identity-based habits that align with team culture, which is often compromised by superficial adherence to company values. Moreover, they delve into how secure coding habits can be nurtured at various organizational levels—from individual developers to teams and upper management—emphasizing the need for enhancing security culture through education, prioritization, and reward systems. They argue that security habits involve consistent maintenance practices and understanding the interplay between security and operational tasks. The episode covers real-world examples, discusses the importance of psychological safety, and recommends community resources for building a security-focused mindset.