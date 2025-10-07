Bethesda, MD, Oct. 07, 2025 (GLOBE NEWSWIRE) -- SANS Institute, the global leader in cybersecurity training and certification, today announced the launch of SANS Developer Security Training, a scalable, immersive learning program designed to equip developers with the skills to write secure code from the start, reduce tool fatigue, and meet escalating compliance demands.

Despite widespread adoption of tools like SAST, DAST, and SCA, most organizations continue to release software with known vulnerabilities. Industry data shows that false positives from application security scanners often exceed 70 to 90 percent, forcing developers to waste time chasing phantom flaws while critical issues slip through the cracks.

"Security tools are essential, but they can't fix what developers don't know," said Jeremy Schweitzer, Senior Product Manager at SANS Institute. "The real shift happens when developers are empowered to prevent vulnerabilities before they exist. That's what this training is designed to do."

Built on real-world codebases and mapped to compliance frameworks like the OWASP Top 10 and NIST Secure Software Development Framework (SSDF), the training combines short, immersive labs with role-specific content that fits naturally into agile workflows. Each module is designed to take under 30 minutes and is delivered via LMS, enabling enterprise-wide tracking and audit-ready reporting.

Why It Matters:

False positive fatigue: Security scanners flood teams with alerts. SANS training helps developers triage better and write safer code from the start.

Compliance pressure: Frameworks like NIST SSDF and PCI DSS require secure development training. This program delivers aligned, auditable outcomes.

Real-world impact: Labs use tools like Burp Suite and VS Code inside sandbox VMs to mirror the environments where vulnerabilities actually occur.

"Developers practice fixing real flaws using the same tools they rely on every day," said Schweitzer. "That hands-on experience builds judgment, not just awareness, which is exactly what teams need to shift security left."

The training is available in multiple languages and supports both junior and senior developers. Organizations can explore the program through a free 7-day demo, allowing security and engineering leaders to evaluate fit, effectiveness, and compliance readiness.

As a companion to the launch, SANS has also published a new Secure Development Playbook to help leaders integrate secure coding into broader AppSec and DevOps strategies.

"Investing in developer skills is no longer optional. It is the missing piece in most security programs," added Schweitzer. "With this launch, we are giving organizations a practical, scalable way to build security-first cultures without slowing innovation."

For more information or to access the demo: https://www.sans.org/u/1D22