An application usually contains a lot of modules or subsystems, and a development process involves in members playing various roles, such as business analysts, developers, testing personnel, operation and maintenance staffs, as well as Web front-end developers, back-end server developers, mobile application developers, etc. if further classified. Since there are so many team members of various types but with different security awareness and security skills, a security threat is easy to occur once a security vulnerability generated during development entered a product environment due to the negligence by even one of them.
Those team members in close cooperation are just like the wood plates that form a cask, and the security level of an application developed depends, to a certain degree, on the one with the lowest security awareness and security skill. Besides, if there are only a few with good security awareness and skills in the team, it is almost impossible to improve product security significantly; only when the security awareness and skills of the overall team are enhanced, can product security be improved remarkably. To achieve this goal, it is of great necessary to perform security training.
Those team members in close cooperation are just like the wood plates that form a cask, and the security level of an application developed depends, to a certain degree, on the one with the lowest security awareness and security skill. Besides, if there are only a few with good security awareness and skills in the team, it is almost impossible to improve product security significantly; only when the security awareness and skills of the overall team are enhanced, can product security be improved remarkably. To achieve this goal, it is of great necessary to perform security training.