May I suggest, the first place to start, is the security software companies themselves. All of the providers of cybersecurity software - including even those who provide application security software - are at their heart, software companies *first*, and cybersecurity companies second.
There is an idea in software of "eating your own dogfood", which in this case, also means, following your own advice. We very often, struggle with actually getting this done. It is a never ending battle between shipping product, and security of said product.
Starting with these companies who know very well the challenges on both sides, should provide you with insight.
Great initiative.
May I suggest, the first place to start, is the security software companies themselves. All of the providers of cybersecurity software - including even those who provide application security software - are at their heart, software companies *first*, and cybersecurity companies second.
There is an idea in software of "eating your own dogfood", which in this case, also means, following your own advice. We very often, struggle with actually getting this done. It is a never ending battle between shipping product, and security of said product.
Starting with these companies who know very well the challenges on both sides, should provide you with insight.