Secure Code Warrior® Case Studies

Secure Code Warrior® Case Study

Australian Bureau Of Statistics

Introduction

This case study of the Australian Bureau of Statistics is based on a July 2021 survey of Secure Code Warrior® customers by TechValidate, a 3rd-party research service.

Challenges

We reached out to the Australian Bureau Of Statistics (ABS), a current user of the Secure Code Warrior® platform, to ask them a few questions about the types of training solutions that they used prior to selecting Secure Code Warrior®. According to the ABS, in the past, their developers took part in a number of training activities, including:

Face-to-face classes/training sessions
Generic computer-based training (LinkedIn Learning/Pluralsight/Udemy)
Training conducted in house by resident developers

When asked how they would asses their previous training solutions and why they ultimately decided to go with Secure Code Warrior®, ABS stated that the main reason were that these solutions:

DID NOT help them to embrace a preventative, start left approach
DID NOT help guide developers to better learning outcomes
DID NOT offer a scalable solution for their application security needs

Use Case

ABS believed that their cyber security program required a number of “important” elements in order to be successful, this included:

Compliance training
Continuous developer training
Code analysis (SAST/DAST/IAST/RASP)
Bug bounty programs
penTesting

When asked how the Secure Code Warrior® learning platform compared to the training solutions they were using before, ABS felt that the Secure Code Warrior® learning platform was a “Better” solution, and believed that the Secure Code Warrior® platform:

Helps guides developers to better learning outcomes, and
Delivers fun and engaging training for their developers

ABS also agreed that the platform:

Helps build transferable skills in their developers
Helps them to embrace a preventative, start left approach
Provides structured training that builds on their developers existing skills and knowledge
Delivers relevant, hands-on, and engaging developer-centric training
Offers a scalable solution to their business’ application security needs

Results

As a result of using the Secure Code Warrior® platform, ABS confirmed that the platform had had a “noticeable impact” on the reduction of vulnerability density in the lines of code in their software.

They “strongly agreed” that after using the Secure Code Warrior® platform, they were able to observe an improvement in collaboration between developers and application security teams, and agreed that the platform:

Has helped their developers become more confident in their secure coding skills
Has made their developers become more proactive when identifying hidden security issues in new and legacy code
Has enabled them to meet their yearly compliance requirements

Secure Code Warrior® Case Study

Medium Enterprise – Healthcare Company (Perspective: AppSec Manager)

Introduction

This case study of a medium enterprise healthcare company is based on a July 2021 survey of Secure Code Warrior® customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

Challenges

We reached out to an application security (AppSec) manager of a medium-sized enterprise healthcare company and asked them about the types of secure code developer training solutions that their company had used prior to selecting Secure Code Warrior®. According to the AppSec manager, their company used a combination of the following:

Face-to-face classes/training sessions
Generic computer-based training (LinkedIn Learning/Pluralsight/Udemy)
Training conducted in-house by resident developers

According to the AppSec manager, the PREVIOUS solutions presented some key challenges for his company as the previous solution:

DID NOT help their business embrace a preventative, start left approach
DID NOT offer a scalable solution to their business’ application security needs
DID NOT offer an ongoing upskilling solution rather the previous solution was more of a one-off training solution

Use Case

It was “extremely important” to the AppSec manager that the cyber security program that he managed for the healthcare company he worked for had the following elements in order to be successful:

Continuous developer training
Compliance (one-off) training
Code analysis (SAST/DAST/IAST/RASP)

When asked to compare the Secure Code Warrior platform to the solution they were using before, the AppSec manager said that the Secure Code Warrior® learning platform was a “better” alternative, and “strongly agreed” that the platform:

Delivers relevant, hands-on, and engaging developer-centric training
Helps them to embrace a preventative, start left approach
Offers a scalable solution to their business’ application security needs
Delivers fun and engaging training for their developers

They also “agreed” that the platform:

Helps build transferable skills in their developers
Provides structured training that builds on their developers existing skills and knowledge
Guides developers to better learning outcomes

Results

As a result of using the Secure Code Warrior® platform, the AppSec manager of the surveyed company felt that:

The framework-specific content played an essential role in helping their developers apply their training to make their code base more secure.
The Secure Code Warrior® platform had ‘a noticeable impact’ in helping to reduce the vulnerability density in lines of code in their software.

The profiled company also agreed that there were other areas that the Secure Code Warrior® platform had an impact on and reported:

That they saw an improvement in collaboration between developers and application security teams
Their developers now have higher job satisfaction and are more likely to stay with the company

Perhaps the most impressive result that they were able to observe after using Secure Code Warrior® (to their best estimate) was that they were able to observe a reduction to the amount of time it took to fix or remediate vulnerable code by 26-50%.

Secure Code Warrior® Case Study

Medium Enterprise – Cloud Computing Company (Perspective: Executive/VP of Security)

Introduction

This case study of a medium enterprise computer software company is based on a July 2021 survey of Secure Code Warrior® customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

Challenges

We reached out to the Executive/VP of a medium enterprise cloud computing company to ask them about the developer training solution their company was using prior to selecting Secure Code Warrior, according to the Executive, their company’s developers mostly took part in unstructured independent study outside of their work. The Executive felt that this form of independent learning presented a number of challenges for their company as:

it DID NOT help their developers build transferable skills in their developers;
it DID NOT help their developers embrace a preventative, start left approach
it DID NOT help provide structured training that builds on their developers existing skills and knowledge;
it DID NOT offer a scalable solution to their business’ application security needs
it DID NOT offer an ongoing upskilling solution rather than a one-off training solution.

Use Case

According to the Executive, as a cloud computing company it was ‘extremely important’ for his company to have cyber security program that provided continuous developer training for its developers as well as commission regular PenTesting;

The Executive also highlighted that it was ’important’ for their company to be able to:

achieve compliance (one-off) training, and;
code analysis (SAST/DAST/IAST/RASP), and to a lesser degree;
bug bounty programs.

When ask how they would assess the Secure Code Warrior® learning platform in comparison to their previous developer upskilling activities, the Executive agreed that the Secure Code Warrior® was a ‘massive improvement’ and ‘strongly agreed’ that the platform:

helped them to embrace a preventative, start left approach
offered a scalable solution to their business’ application security needs

The Executive also attested that the platform also helped them:

build transferable skills in their developers;
provided structured training that builds on their developers existing skills and knowledge;
guide developers to better learning outcomes;
delivers relevant, hands-on, and engaging developer-centric training; and lastly but certainly not least,
deliver fun and engaging training for their developers.

Results

As a result of using the Secure Code Warrior® platform, the Executive felt that a key outcome was how much ‘noticeable impact’ that the learning platforms’ ‘framework-specific’ content in helping their developers apply the training they received in making their code base more secure.

The Executive agreed that the Secure Code Warrior® platform had also made a noticeable impact in helping to reduce the vulnerability density in lines of code in the software they produce.

In addition they agreed that as a result of using the Secure Code Warrior® platform:

their developers now proactively identify hidden security issues in new and legacy code;
they have seen a decrease in the amount of security flaws identified in scanning tools; and most importantly,
they have been able to meet our yearly compliance requirements.

Secure Code Warrior® Case Study

Oracle NetSuite

Introduction

This case study of Oracle NetSuite is based on a November 2020 survey of Secure Code Warrior® customers by TechValidate, a 3rd-party research service.

“We have been more effective at meeting organizational security compliance with current industry regulations and guidelines as a result of using the platform.”

“The Secure Code Warrior platform provided a complete all-in-one enterprise solution for addressing our training and secure coding needs.”

“…Part of a larger initiative to increase security awareness among technical staff.”

Challenges

The business challenges that led Oracle NetSuite to evaluate and ultimately select Secure Code Warrior®:

Existing training was not interactive, contextual, or engaging for the development teams
There was no way to effectively assess and benchmark a developer’s secure coding knowledge
The struggle to identify and target skills/knowledge gaps in our team and build a program to address them

Use Case

Prior to using Secure Code Warrior®, NetSuite was using internal employee training to educate its employees on secure coding. According to feedback from developers it was found that existing training was not interactive, contextual or engaging. It was also difficulty to assess a developers skill level and identify gaps in developer knowledge and skill.

Results

The Oracle NetSuite achieved the following results with Secure Code Warrior® Learning Platform:

An increase in time spent by developers in training and eagerness to learn about secure coding
Tournaments increase awareness
Provides better education outcomes for my developers with a range of learning options and experiences
Since implementing Secure Code Warrior, said they have accomplished the following:
- Been able to effectively benchmark developer’s secure coding knowledge
- The team is releasing code at about the same speed, but with fewer vulnerabilities and rework due to better quality code, with fewer recurring vulnerabilities.
- Reduced/eliminated between 1% – 10% of common code vulnerabilities that were present in our code.

Secure Code Warrior® Case Study

Medium Enterprise Healthcare Organization

Introduction

This case study of a medium enterprise healthcare company is based on a November 2020 survey of Secure Code Warrior® customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

“We have been more effective at meeting organizational security compliance with current industry regulations and guidelines as a result of using the platform.”

“The Secure Code Warrior platform provided a complete all-in-one enterprise solution for addressing our training and secure coding needs.”

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Secure Code Warrior®:

Existing training was not interactive, contextual, or engaging
Existing training lacked relevance to everyday tasks their developers had to do
The struggle to identify and target skills/knowledge gaps in our team and build a program to address them
Difficulty to get everyone in the business onboard and engaged about Application Security and organization-wide awareness was poor

Use Case

*Prior to using Secure Code Warrior, the organization was using generic computer-based training solutions e.g Udemy, Pluralsight, LinkedIn Learning to train its employees on secure coding. Feedback from developers revealed that this form of training was not interactive, not contextual, or unengaging. It also lacked relevance to everyday tasks their developers had to do. Team managers found it difficult to identify and target gaps in developer skills and knowledge. The organization also found it a challenge to engage the rest of the company and improve organization-wide awareness regarding secure coding and application security.

Results

The surveyed company achieved the following results with Secure Code Warrior®:

A cyber first organization that cares deeply about security
Better quality code
Fewer recurring vulnerabilities
An increase in time spent by developers in training and eagerness to learn about secure coding
Provides better education outcomes for my developers with a range of learning options and experiences
Since implementing Secure Code Warrior, said they have accomplished the following:
- Been able to effectively benchmark developer’s secure coding knowledge
- Targeted skills/knowledge gaps in their team and build a program to address them
- Said their team is releasing code at about the same speed, but with fewer vulnerabilities and rework due to better quality code, with fewer recurring vulnerabilities.

Secure Code Warrior® Case Study

Energy & Utilities Company

Introduction

This case study of a medium enterprise energy & utilities company is based on a November 2020 survey of Secure Code Warrior® customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

“We have been more effective at meeting organizational security compliance with current industry regulations and guidelines as a result of using the platform.”

“The Secure Code Warrior platform provided a complete all-in-one enterprise solution for addressing our training and secure coding needs.”

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Secure Code Warrior®:

There was no way to effectively assess and benchmark a developer’s secure coding knowledge
The struggle to identify and target skills/knowledge gaps in our team and build a program to address them
Difficulty to get everyone in the business on board and engaged about Application Security and organization-wide awareness was poor

Use Case

Prior to using Secure Code Warrior the organization was using internal employee training to train its developers on secure coding, this resulted in low organizational awareness in secure software practices, limited understanding of the teams skill-set and knowledge, and no way to effectively assess and benchmark their teams’ skills.

Results

The surveyed company achieved the following results with Secure Code Warrior®:

An increase in time spent by developers in training and eagerness to learn about secure coding
Higher engagement from everyone in the organization, to be part of the solution
Provides better education outcomes for my developers with a range of learning options and experiences
Since implementing Secure Code Warrior, said they have accomplished the following:
- Been able to effectively benchmark developer’s secure coding knowledge
- Targeted skills/knowledge gaps in their team and build a program to address them

Secure Code Warrior® Case Study

Global 500 Retail Company

Introduction

This case study of a Global 500 retail company is based on a November 2020 survey of Secure Code Warrior® customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

“We have been more effective at meeting organizational security compliance with current industry regulations and guidelines as a result of using the platform.”

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Secure Code Warrior®:

Difficulty to demonstrate developer training attendance, concept retention and competence for effective compliance training management
There was no way to effectively assess and benchmark a developer’s secure coding knowledge
Difficulty to get everyone in the business onboard and engaged about Application Security and organisation-wide awareness was poor
Videos were expensive and boring for developers

Use Case

Prior to using Secure Code Warrior the organization was using generic computer-based training solutions e.g Udemy, Pluralsight, LinkedIn Learning to train its employees on secure coding. Feedback from training program administrators revealed that it was difficult to demonstrate developer participation, attendance, retention of concept and competence on the subject matter. It was also difficult to assess the developer skill level. Company-wide awareness was also challenge.

Results

The surveyed company achieved the following results with Secure Code Warrior®:

Better quality code
Fewer recurring vulnerabilities
Tournaments increase awareness
Provides better education outcomes for my developers with a range of learning options and experiences

Since implementing Secure Code Warrior, said they have accomplished the following:

Met annual compliance objectives
Been able to effectively benchmark developer’s secure coding knowledge
Targeted skills/knowledge gaps in their team and build a program to address them

Secure Code Warrior® Case Study

Federal Government

Introduction

This case study of a federal government is based on a November 2020 survey of Secure Code Warrior® customers by TechValidate, a 3rd-party research service. The profiled organization asked to have their name blinded to protect their confidentiality.

“We have been more effective at meeting organizational security compliance with current industry regulations and guidelines as a result of using the platform.”

“The Secure Code Warrior platform provided a complete all-in-one enterprise solution for addressing our training and secure coding needs.”

Challenges

The business challenges that led the profiled organization to evaluate and ultimately select Secure Code Warrior®:

Existing training was not interactive, contextual, or engaging
Difficulty to demonstrate developer training attendance, concept retention and competence for effective compliance training management
There was no way to effectively assess and benchmark a developer’s secure coding knowledge

Use Case

Prior to using Secure Code Warrior the organization was using internal employee training to train its employees on secure coding. Feedback from developers for this form of training method revealed that training was not interactive, contextual or engaging. There was also no way to properly demonstrate attendance or improvement and assess developer competency .

Results

The surveyed organization achieved the following results with Secure Code Warrior®:

Better quality code
An increase in time spent by developers in training and eagerness to learn about secure coding

Since implementing Secure Code Warrior, said they have accomplished the following:

Been able to effectively benchmark developer’s secure coding knowledge
Seen an uplift in customer trust and satisfaction in our product/services as a result of improved confidence in the security of their code

Said their team is releasing code at about the same speed, but with fewer vulnerabilities and rework due to better quality code, with fewer recurring vulnerabilities.

Secure Code Warrior® Case Study

Fortune 500 Financial Services Company

Introduction

This case study of a Fortune 500 financial services company is based on a November 2020 survey of Secure Code Warrior® customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

“We have been more effective at meeting organizational security compliance with current industry regulations and guidelines as a result of using the platform.”

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Secure Code Warrior®:

Existing training was not interactive, contextual, or engaging

Use Case

Prior to using Secure Code Warrior the organization was using a generic computer-based training solution to train its employees on secure coding. Feedback from their developers revealed that this form training was not interactive, contextual or engaging.

Results

The surveyed company achieved the following results with Secure Code Warrior®:

Fewer recurring vulnerabilities
Since implementing Secure Code Warrior, they have accomplished the following:
- Target skills and knowledge gaps in their team and build a program to address them
- Releasing code at about the same speed, but with fewer vulnerabilities and rework due to better quality code, with fewer recurring flaws.

As a result of using Secure Code Warrior, reduced/eliminated between 11% – 20% of common code vulnerabilities that were present in their code.

Secure Code Warrior® Case Study

Fortune 500 Automotive & Transport Company

Introduction

This case study of a Fortune 500 automotive & transport company is based on a November 2020 survey of Secure Code Warrior® customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

“We have been more effective at meeting organizational security compliance with current industry regulations and guidelines as a result of using the platform.”

“The Secure Code Warrior platform provided a complete all-in-one enterprise solution for addressing our training and secure coding needs.”

“Secure Code Warrior brought a much wider awareness and engagement because of its game-like features and tournaments.”

Challenges

The business challenges that led this fortune 500 company to evaluate and ultimately select Secure Code Warrior® were:

Difficulty to demonstrate developer training attendance, concept retention, and competence for effective compliance training management
There was no way to effectively assess and benchmark a developer’s secure coding knowledge

Use Case

Prior to using Secure Code Warrior the organization was using Security Innovation to train its developers on secure coding. According to feedback from the program administrators, it was difficult to benchmark developers’ secure coding knowledge; retention of knowledge, engagement, and overall competency.

Results

The company achieved the following results with Secure Code Warrior®:

Better quality code
Fewer recurring vulnerabilities
Increased awareness, with Tournaments
Provided better educational outcomes for my developers with a range of learning options and experiences
Since implementing Secure Code Warrior, they have accomplished the following:
- Been able to effectively benchmark developer’s secure coding knowledge
- Targeted skills/knowledge gaps in their team and build a program to address them
- Releasing code at a significant rate with fewer vulnerabilities and rework due to better quality code, with fewer recurring vulnerabilities.
- As a result of using Secure Code Warrior, reduced/eliminated between 21% – 30% of common code vulnerabilities that were present in our code.

TechValidate Research on Secure Code Warrior®

10 Case Studies

Australian Bureau Of Statistics

Introduction

Challenges

Use Case

Results

Organization Profile

About Secure Code Warrior®

Medium Enterprise – Healthcare Company (Perspective: AppSec Manager)

Introduction

Challenges

Use Case

Results

Company Profile

About Secure Code Warrior®

Medium Enterprise – Cloud Computing Company (Perspective: Executive/VP of Security)

Introduction

Challenges

Use Case

Results

Company Profile

About Secure Code Warrior®

Oracle NetSuite

Introduction

Challenges

Use Case

Results

Company Profile

Medium Enterprise Healthcare Organization

Introduction

Challenges

Use Case

Results

Company Profile

Energy & Utilities Company

Introduction

Challenges

Use Case

Results

Company Profile

Global 500 Retail Company

Introduction

Challenges

Use Case

Results

Company Profile

Federal Government

Introduction

Challenges

Use Case

Results

Organization Profile

Fortune 500 Financial Services Company

Introduction

Challenges

Use Case

Results

Company Profile

Fortune 500 Automotive & Transport Company

Introduction

Challenges

Use Case

Results

Company Profile