Lessons from the Dojo: The Karate of Software Security presented at SourceDublin 2015

by Paco Hope

Summary: We can both learn and teach software security the way we learn and teach martial arts. Shotokan Karate, like many other styles, divides its art into "kihon", "kata", and "kumite": basics, repeated forms, and sparring. Software security maps well onto this same arrangement. Paco applies the form of Karate to the martial art of software security to reveal the "kihon", "kata", and "kumite" that we should both learn and teach. Our basics are our language and platform practices, our kata are security design patterns, and our kumite is sparring through adversarial security testing. Just as kata are built from basics, our secure design patterns are built from fundamental capabilities. Sparring puts them into practice in a safe space for learning. We learn through repeatedly doing the right thing until doing it right is easier than doing it wrong. We teach through repetition, clarity, and safe practice spaces. Place your shoes neatly by the door of the dojo and attend a master's lesson.