ZDNET's key takeaways
Secure software needs to begin before coding.
Threat modeling helps teams catch risky assumptions early.
Dependency hygiene can prevent hidden supply chain risks.
Software has a lifecycle. From the spark of an idea through coding, testing, deployment, customer use, and eventual revision or retirement, each line, module, and component becomes more entrenched, more solidified as part of the overall solution, and therefore much harder to fix if problems arise later. Yet we often fix software only after problems surface in late-stage use. In this article, we'll discuss proactive strategies that stop flaws before they reach production.
Two terms are key to this approach: secure-at-the-source and secure-by-design. Both terms refer to the process of building security and reliability into code at the earliest stage of the software lifecycle. We'll focus on how security can be designed into all phases, from requirements and design through coding, dependency selection, build pipelines, deployment, and maintenance.
This approach requires a mindset shift across the lifecycle. Previously we might have asked, "How quickly can we find and fix what went wrong?" That's still a valid question. But we're looking at asking another question much earlier: "Where are risks entering our development process, and what can we change in our designs, tools, templates, dependencies, and reviews so fewer of them reach code in the first place?"