Hacker News: shehackspurple's comments

This seems like rational behavior for a high-pressure situation. You might do this. I might do this too. But it causes risk.


Tanya Janca | Shehackspurple @shehackspurple · Jan 27

I’ve been working toward this for years, and it finally happened.

Canada now has a parliamentary petition to require secure coding in federal software. If you care about cybersecurity, public safety, and better government tech, please sign.


Why can’t people just “do the right thing” all the time? Can’t they just try hard, have some willpower, and behave perfectly? I don’t know about you, but I am certainly not perfect all the time. I’m in a rush. I skip steps. It compiles, so I commit. We are not robots, we are human beings, and we have a lot going on. But… there’s more.


What if insecure code is not a result of laziness, a lack of knowledge, or malice? What if software developers are doing their best, but they have been set up to fail?


More terrifying supply chain attacks against developers


Over 30 practical tips for writing more secure JavaScript!


Threat modeling is really just a fancy way of saying: “Let’s think about what could go wrong with our software in advance, so we can stop it before it happens.”


Canada’s digital software is critical infrastructure. It runs our country, and we depend upon it. Let's protect it with a secure coding policy, now.


I've created a petition to try to get Canada to adopt a government-wide secure coding policy. If you are Canadian, please consider signing.


I just published a 9-page secure coding guideline that’s free to download when you join my newsletter. It’s based on my book Alice and Bob Learn Secure Coding, but distilled down into practical, achievable advice.

Language and framework agnostic

Focused on real-world, actionable practices

Designed to be clear, not overwhelming

My goal was to make something that developers can actually use, not just read once and forget. I’d love feedback from the HN community—what's missing? What’s useful?

