Stopping bugs before they ship: The shift to preventative security

Stopping bugs before they ship: The shift to preventative security

Briefly

"Software has a lifecycle. From the spark of an idea through coding, testing, deployment, customer use, and eventual revision or retirement, each line, module, and component becomes more entrenched, more solidified as part of the overall solution, and therefore much harder to fix if problems arise later. Yet, we often fix software solely based on late-stage usage. In this article, we'll discuss proactive strategies to prevent flaws from reaching production before deployment."

"Two terms are key to this approach: secure-at-the-source and secure-by-design. Both terms refer to the process of building security and reliability into code at the earliest stage of the software lifecycle. We'll focus on how security can be designed into all phases, from requirements and design through coding, dependency selection, build pipelines, deployment, and maintenance."

"Before we might have asked, "How quickly can we find and fix what went wrong?" That's still a valid question. But we're looking at asking another question much earlier: "Where are risks entering our development process, and what can we change in our designs, tools, templates, dependencies, and reviews so fewer of them reach code in the first place?""

"Coding always starts with a vision of the result desired. This process sparks a design stage, where designers and coders (sometimes the same person or people) work out how to approach the coding process. It's here, before the first line of code is written, that vulnerabilities start to manifest."