SAN FRANCISCO -- One of the biggest challenges in fostering a secure software development program is inspiring developers. How can an organization successfully incentivize programmers so they care about developing their security skills? At Adobe, the answer is simple: turn developers into security ninjas, so to speak.
"We have these little badges we put on our internal directory, and we call them 'flare.' So you have your little ninja white belt or green belt, and you lose your flare if you don't refresh" your developer security training, said Adobe Chief Security Officer Brad Arkin. "Once people started seeing their badges disappear, that was such a hardship; they wanted to get their 'ninja' back … our refresh rate after that was 97%."
In this video, recorded at the 2013 RSA Conference, Arkin offers an in-depth look at Adobe's secure software development lifecycle program, including how the vendor trains its developers, how it continues to evolve and improve its secure software development program, and how it ties developer security skills to career opportunities. Arkin also shares his advice on how to get business stakeholders to care about and support software security.
Editor's note: Arkin's title at the time of the interview was senior director of product security.