Why your best software security defence tool could be your development team

When it comes to securing an organisation’s IT infrastructure, it can be tempting to focus on sourcing and deploying the best technologies and tools, Matias Madou at Secure Code Warrior writes.

Matias Madou
Tue, 26 Jul 2022

Security teams invest significant time and resources into evaluating new tools and establishing whether these can provide the level of protection that is required. Piece by piece, a security layer is then created that prevents access to core applications and data.

Increasingly, however, attention is shifting to a new area that can provide significant protection against threats: software developers. Security teams are realising that a solid development team can act as a “human firewall” in the technology supply chain to secure applications used as gateways to network access.

By educating developers about the types of threats being faced and the steps they can take to improve levels of protection, the overall security posture of an organisation can be significantly strengthened.


What does the data say?

Organisations must first understand that the software products they often use feature inherent bugs and security flaws. This comes from a stressed application development cycle that prioritises speed and functionality above security.

In partnership with Evans Data, Secure Code Warrior surveyed 1,200 active software developers in December of 2021 for our State of Developer-Driven Security Survey. The numbers showed some alarming industry trends, namely that 67 per cent of developers admitted that they routinely left known vulnerabilities and exploits in their code.

This is not to find fault with the developers, but with the system they work inside. These developers often neglect security because of tight deadlines, the prioritisation of functionality over security, or a lack of training or knowledge about fixing security problems.

Only 14 per cent of those surveyed said application security was their top concern during development, falling behind priorities such as code quality, application performance, and the ability to solve real-world problems.

Leveraging in-house development

To make security improvements, organisations should lean on their development team. Properly trained in-house developers can act as a firewall for company systems, writing software that is inherently secure, and overseeing best practice access control in elements like APIs to improve a company’s overall security posture.

Developers have a front-row seat to an organisation’s security challenges and can augment security practices that match how employees leverage applications. In-house developers are at the front lines of cyber defense. With proper training and time, these developers can fortify security features.

As we’ve seen from the SolarWinds and Kaseya breaches, supply chains will remain a key area for attack. Since these types of platforms can ship with vulnerabilities, in-house developers can provide additional security features to close these vulnerabilities.

Ideally, platform vendors will improve the cyber security of their platforms before shipping, but it may take a rash of more high-profile breaches before that happens. Business consumers cannot continue to operate in a world where the security of their platforms is unknown. Work with your developer team to add security features to avoid these types of attacks.

An urgent call for change

The number of security threats faced by organisations continues to evolve and increase. While tools and technologies play an important role, these need to be augmented by human resources.

Developers need to be equipped with the training and skills they require to enable them to become part of the overall security structure. This approach also allows an organisation to overcome the challenges associated with the ongoing shortage of skilled IT professionals by growing talent from within.

By utilising their existing knowledge and giving them the opportunity to become more involved in a well-rounded, defensive security strategy, the overall protection enjoyed by the organisation will be enhanced.

Matias Madou is the co-founder and CTO, Secure Code Warrior.
