Increasingly complex software systems and large databases are making it more difficult than ever for developers to keep track of security issues in their applications while increasing the likelihood of dangerous glitches. In fact, the latter problem could be a bigger issue for companies than traditional cybersecurity breaches, according to some experts, making it essential that organizations look for ways to strengthen their software functionality as the demands on it scale up.
In a recent column for TechWeekEurope, data management executive Iain Chidgey advocated for more thorough testing when working with applications that interface with large, complex business databases. While the risk of a data breach is always important to plan for, a software glitch can create a bigger disturbance and may be more likely to occur.
“As we become ever more dependent on software applications, and the size and complexity of data that run within those applications increases, risks of software glitches will also increase,” Chidgey wrote. “Cyber threats have been in the news, but software glitches are for many a more present threat. Don’t neglect cyber security, but make sure that your glitches don’t become your Achilles’ heel – keep testing.”
Scaling up application security
One of the issues that most often allows glitches or software security flaws to make it into release is that most organizations perform their application testing far too late in the development process, application security consultant Jeff Williams wrote in a recent article for BankInfoSecurity. The tests are also generally handled by application security teams rather than by developers directly, which means the results often fail to reach the team with the most power to change things.
“Developers need feedback immediately; otherwise, the opportunity to learn from mistakes is almost completely lost,” Williams wrote.
These same issues are holding back security across entire application portfolios, leading many companies to focus solely on web applications, Williams added. However, given the shifting boundaries between internal and external applications, there’s no telling where a security weak point may lie. Companies should institute testing, automated verifications and standardized defense policies to enhance application security. Not only will such an approach strengthen applications against attacks, it will also streamline agile development and simplify the work of developers.
“Standard defenses make application security better and easier to verify,” Williams wrote. “Application security programs shouldn’t be primarily about finding vulnerabilities; they should focus on making it simpler for developers to write secure code. Standardizing defenses at the enterprise architecture level speeds secure development and enables agility.”
Using a secure development approach that incorporates tools such as static analysis and peer code review can help companies ensure that developers receive security feedback right away and simplify the security process. In this way, bottlenecks that might otherwise occur as code bases or application portfolios get too large can be more easily managed. Given the threat of software glitches and security failures, using such methods can be an important way of staying on top of an application environment that continues to grow in complexity.
Software news brought to you by Klocwork Inc., dedicated to helping software developers create better code with every keystroke.