'Big four' bank to boost security coding

Sydney-based IT firm Secure Code Warrior has signed a $1 million, three-year deal with a major Australian bank to strengthen the security coding skills of 4000 software developers.

Secure Code Warrior will supply hands-on training exercises that will teach developers not only to find vulnerabilities, but to identify patches for those flaws.

The effort will use a gamification model where points are awarded to participants for selecting correct answers, with developers competing for the title of most secure coder.

"Ensuring that application code is written more securely in the first place can significantly reduce the effort to identify and remediate vulnerabilities once applications have been deployed," said Secure Code Warrior co-founder Pieter Danhieux.

"Too often, secure code training consists of classroom-style sessions which do not scale; fail to engage developers though abstract concepts, resulting in low-knowledge retention rates; and lack the educational material to show how to remediate vulnerabilities."

Coders will be put through a series of courses that will test their ability to write secure code, plus identify a series of vulnerabilities and analyse multiple patch options.

This will have the effect of teaching developers to both find and patch vulnerabilities, a feat that is normally separated into distinct spheres.