Software developers: Prime cyber targets and a rising risk vector for CISOs

https://www.csoonline.com/article/4127693/software-developers-prime-cyber-targets-and-a-rising-risk-vector-for-cisos.html

Publish Date: 2026-02-09 02:02:00

Source Domain: www.csoonline.com

“Well-known solutions to these problems include isolating workspaces in containers, centralizing image and secret management, and enforcing regular audits and procedure logging, all of which can effectively reduce the danger,” says Eric Paulsen, CTO for EMEA at software development platform provider Coder.

Best practice has always been to pin workflow actions against immutable SHA hashes stored on tamper-proof hardware modules, according to David Sugden, head of engineering at digital transformation consultancy Axiologik.

“Similarly, allow lists, secrets scanning, and software composition analysis continue to form DevSecOps baselines that increase protection,” Sugden says. “Gating direct access to external dependencies offers protection against malicious packages and versions, as well as preventing downloads for older, insecure packages.”

Michael Burch, application security advocate at cybersecurity training firm Security Journey, emphasizes the importance of offering software developers continuous, hands-on training.

“Developers need realistic exercises that demonstrate impact. Allow them to see how systems fail and empower them to fix issues themselves,” Burch advises.
