Code review bridges security gaps


on Aug 3, 14 • by Chris Bubinas


In this high-pressure business environment, developers are tasked not only with creating powerful software solutions, but also with ensuring that their code is free of errors that could result in serious malfunctions and security issues. Because cyberattackers and many other threats are constantly lurking in the shadows of the Web, it is all the more crucial that programmers and their organizations exercise caution and move toward more conscientious code review and analysis practices. It is nearly impossible to be too careful when making sure that software is structurally sound, both in its functionality and in its ability to withstand the persistent and dynamic efforts of hackers and malware from across the digital landscape.

Addressing the human element
Even the most hard-working and talented programmers are prone to errors that could have disastrous consequences for their firms and for those who use the flawed software. Acknowledging this fact can motivate organizations to institute more rigorous measures in an effort to boost code quality and bolster security standards.

According to ARN, McAfee chief privacy officer Michelle Dennedy recently claimed that human error was the primary factor in each of the top three digital vulnerabilities that companies face today. The source pointed to targeted point-of-sale malware attacks, software coding errors and internal misuse of customer information as the main cybersecurity threats, each of which can be addressed with increased diligence. 

"We live and work in a digital, IP-connected world where privacy and security vulnerabilities cannot be completely programmed out," said Dennedy, the news source reported. "That being said, the best course of action is to plan for the eventuality of errors by building a privacy infrastructure that places protecting customer data at its heart, and provides clear policies and guidelines for employees who are in charge of managing this type of information."

Developers keep their guards up
Despite heightened levels of customization and a greater emphasis on in-house development, there is still no substitute for an in-depth code review process when it comes to creating and testing new software, ARN noted. In the case of POS security, Dennedy explained that even a highly tailored system cannot stand up to the ever-evolving threat matrix that plagues so many retailers in this day and age. Cautious development and review practices remain a key element of any business' network configurations, especially in customer-facing settings.

"We've found that retailers are falling into a 'security by obscurity' trap – they mistakenly believe that their POS system is so customized to their particular business requirements that it would be too difficult for hackers to bypass the controls and access the system," Dennedy said, according to the source.

For those seeking new ways to strengthen security and address human error, open source software has also been shown to have a positive impact on the way developers create, test and review their programs, PC World recently noted. The source pointed to the eighth annual Future of Open Source Survey, in which 72 percent of respondents said that open source software provides better cybersecurity than proprietary software.
