Why Security-as-a-Feature Will Never Happen

Explore the challenges of integrating security into software development in this 29-minute conference talk from the 44CON Information Security Conference. Delve into the reasons why security-as-a-feature remains elusive, examining when developers should learn secure coding practices and where they can acquire essential security skills. Investigate the cultural problems hindering progress, analyze the root causes of software insecurity, and consider the roles of various stakeholders in the industry. Gain insights into potential solutions and resources for improving software security, concluding with final thoughts on this critical issue in the field of information security.

Intro
Meet Lawrence Munro
When should developers learn
How secure coding isnt magic
When should devs learn to code securely
Where should devs be getting security skills
Why dont things change
Its a cultural problem
Whos to blame
Why is software insecure
What about the US
Industry
Resources
What can be done
Final thoughts
Summary