Fork me on GitHub

CultureAndOrganization -> Education and Guidance: Conduction of build-it, break-it, fix-it contests

Risk and Opportunity

Risk: Understanding security is hard, even for security champions and the conduction of security training often focuses on breaking a component instead of building a component secure.
Opportunity: The build-it, break-it, fix-it contest allows to train people with security related roles like security champions the build, break and fix part of a secure application. This increases the learning of building secure components.

Usefulness and Requirements of this Activitiy

Usefullness: Medium
Required knowledge: Very High (three or more disciplines)
Required time: Medium
Required resources (systems): Very Low

Additional Information

Implementation hints:

OWASP SAMM VERSION 2

ISO27001 2017