
Volume 334, Issue 1 · IT News · Developer

What Testers Can Do To Ensure Software Security

InfoQ, Thursday, January 8th, 2026

A secure software development life cycle means baking security into plan, design, build, test, and maintenance, rather than sprinkling it on at the end, Sara Martinez said in her talk "Ensuring Software Security" at Online TestConf.

Testers aren't bug finders but early defenders, building security and quality in from the first sprint. Culture first, automation second, continuous testing and monitoring all the way; that's how you make security a habit instead of a fire drill, she argued.

The Common Weakness Enumeration (CWE) statistics show that over 85% of software weaknesses come from how we implement the code, and about 60% trace back to design decisions. That means the foundation of a product, its architecture, and the way it's built have a huge impact on how secure it will be over time, Martinez said. Once the product is live, it's all about watching it closely, running vulnerability scans, and patching issues as soon as they surface to stay ahead of attackers, she added.
