Farayi

A Cybersecurity Consultant

Menu
  • Home
  • About Me
  • Blog
  • Projects
  • Contact Me
Menu

Who doesn’t want to write secure code?

Posted on 28/03/202204/04/2025 by Farayi Dzichauya

Software engineers typically make hundreds of decisions every day and in my experience no one sets out to write insecure code, so everyone is well meaning however in those decisions some have a bearing on security outcomes and some don’t. It is vital that developers spot security-relevant decisions as they are encountered, and have a clear sense of when security input is needed. 

An interesting project that is on my radar is The Motivating Jenny project which sets out to understand how to develop more secure software. The approach being explored is an interesting one to me they have identified that developers if trained to identify security sensitive aspects they see better outcomes. They found that for more secure code code, developers need to learn how to recognise where security input is needed and apply their knowledge and access support as needed and hence get better outcomes on the whole. 

Research from Motivating Jenny identified that a developer responds to the security needs in these situations within common dimensions of development practice.  The dynamics are summarised in the diagram below. 

Its going to be interested testing out this approach in the real world and seeing the results. In my opinion anything that can produce more secure code is worth a try. 

Newsletter

Hungry for industry insights? Our newsletter delivers bite-sized brilliance straight to your inbox. Discover the trends reshaping tomorrow while sipping your morning coffee today. Experts, insiders, and thought leaders await—just add your email address below.

Recent Posts

  • Communication in Cybersecurity
  • DDOS attacks in the financial sector surging
  • A Wave of Data Breaches – Retail
  • Quantum is here: Why Your Business Has Less Than 18 Months to Prepare
  • How can generative ai be used in cybersecurity
  • Leveraging DORA Metrics to Enhance DevSecOps Performance
  • Critical Security Alert for Nginx: Dubbed The Ingress Nightmare Vulnerabilities
  • The Emerging Cyber Threat Landscape: Navigating Unprecedented Digital Risks
©2025 Farayi