Secure Coding

Posted by clairaly on December 14, 2017

At my previous job, I was technically an Administrative Assitant. However very early on, I think they realized that I was overqualified and they needed to give me something more to keep me stimulated. Which led to me being offered the opportunity to assist the Netork Services and IT Department Manager in updating and a lot of times rewriting our nonprofit’s IT Security policies.

In IT, security is everything. At all my previous jobs, I remember the IT staff and Employee Handbooks always stressing the importance of security, passwords, etc., but I had always brushed it of as if it would never happen to me. It very much can happen to any of us. As more and more of our life and work transitions to online, the more we have to be wary of the dangers.

The three goals of security are CIA, which stands for:

  1. Confidentiality

    The concept that users should be given only enough privilege to perform their duties, and no more to prevent unauthorized access or accidental disclosure of sensitive information.

  2. Integrity

    Intergrity is the effort to keep data authentic by protecting data from intentional or accidental changes.

  3. Availability

    Availability is just what it sounds like, making sure the data is available at all times, especially during times of emergency.

I think these principles/goals of security could and should apply to developers as well. As lazy as programmers are (don’t get me wrong, laziness can be good), I do not think we should be lazy with security. What can developers do to ensure better security? Well in my opinion, we should be keeping an eye on security trends and the latest vulnerabilities to make sure our code doesn’t allow for easy hacking, and periodically going through old code to make sure we are no longer using languages that have proven to be unsecure and if we are, update that code to a more secure language.

These are just a few things things you may choose to consider moving forward as a developer. Let’s work to make the world wide web a better and safer place.