Episode 260: The Art of Teaching Secure Coding with Tanya Janca
Update: 2025-02-18
Description
In this episode of the podcast, host Paul Roberts welcomes Tanya Janca of She Hacks Purple back into the studio. Tanya talks about her newly released book: Alice and Bob Learn Secure Coding, published by Wiley and the larger problem of how to promote the teaching of secure coding practices to developers.
In today’s Security Ledger podcast, Paul welcomes the amazing Tanya Janca back to the studio. The founder of She Hacks Purple and the We Hack Purple community, Tanya does secure coding training, and developer relations at SemGrep. She’s a passionate advocate for teaching secure development practices and promoting secure application design.
In our conversation, Tanya dives deep into her new book, “Alice and Bob Learn Secure Coding,” a guide to secure coding for everyone from new to experienced developers. We trace her journey from writing code as a developer to becoming a recognized expert in application security and secure software.
Tanya Janca is the founder of She Hacks Purple
Her journey highlights one of the software industry’s quirks: while the path to becoming a developer is straightforward, the paths to doing application security as a profession are seemingly arbitrary. Tanya’s own experiences underscore the need for secure coding to be intrinsic to every software developer’s education. And that was the inspiration for her new book, after Wiley’s Jim Minitel prompted her to write the book she would have wanted to read to make the transition from a developer to an application security professional.
Bridging the Gap Between Developers and Security
One of the big issues that complicates efforts to improve software security is the gap that exists between security and development teams. Contrary to popular belief, software developers and security teams operate in distinct realms with unique skill sets, and are often siloed within software development organizations.
This divergence calls for tailored approaches to instill security practices in software development—something her new book aims to achieve by addressing practical methodologies rather than dwelling solely on vulnerabilities.
In Alice and Bob Learn Secure Coding, Tanya explores the full breadth of secure coding practices, highlighting the importance of holistic practices across languages, frameworks, and technologies. She calls for a shift from relying on scare tactics to fostering a proactive, security-minded culture in software development teams. That includes a shift from the current focus on features and rapid release cycles to robust security measures. Tanya encourages developers to question existing norms and engage in conversations that could shift project trajectories towards more secure outcomes. That might include everything from questioning data permissions in application development to advocating for mandatory cybersecurity education for students and young software engineers.
“If you learn secure coding, you’re going to have less bugs later, which means you have less things to do later. If you are not creating the bugs in the first place, everything’s better, right? You save money, you save time, all these things.”— Tanya Janca, She Hacks Purple
One solution might be greater governmental involvement to establish robust cybersecurity...