16.9: Train Developers in Application Security Concepts and Secure Coding
- Critical Security Controls Version 7.1:
- 18.6: Ensure Software Development Personnel are Trained in Secure Coding
Ensure that all software development personnel receive training in writing secure code for their specific development environment and responsibilities. Training can include general security principles and application security standard practices. Conduct training at least annually and design in a way to promote security within the development team, and build a culture of security among the developers.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]