It's not a boolean

Always code with security in mind

Never trust the user

Know your tools

Know the threats

QA

• OWASP top 10

• Hook Code audit tool on pipeline

• Enforce encryption at rest and in-flight 

• Force logging & monitoring

• Know at least one application security scanner tool

• Know the fundamentals (AAA, PoLP, RBAC)

• Share knowledge with devs and across teams