Fork me on GitHub

Culture and Org. -> Education and Guidance: Conduction of build-it, break-it, fix-it contests

Risk and Opportunity

Risk: Understanding security is hard, even for security champions and the conduction of security training often focuses on breaking a component instead of building a component secure.
Opportunity: The build-it, break-it, fix-it contest allows to train people with security related roles like security champions the build, break and fix part of a secure application. This increases the learning of building secure components.

Exploit details

Usefullness: Medium
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Very Low

Additional Information

Implementation hints:
ISO27001:2017 Controls Mapping: