I've worked at a place where the security team were a detached, nagging presence. Devs only interacted with them when they had to, so security became an afterthought.
I've also worked at a place where the security team were trusted collaborators. Devs were comfortable communicating with them. Their security skills improved over time, and so did the security of the software they wrote.
The latter strategy is far more effective at moving the needle over the long term.