How can software quality help enhance information security?
rogeriolord
May 5
3 min read
We all know that as the Internet of Things (IoT) and digital transformation make life more convenient and productive, these technologies also attract far-reaching cyber threats for everyone—not just large companies, but also small businesses and individuals. Learn how software quality can help enhance information security.
From stealing bank accounts or consumer financial data to hacking public services or even nuclear plants, threats are all around us. As a result, security is a major concern for most companies, and CTOs, CIOs, and software engineers must remain vigilant in developing high-quality programs that incorporate information security.
In fact, the high security requirements of industrial IoT systems represent the number one challenge for developers. “In today’s technology environment, application security testing for vulnerabilities and flaws in software code should be a best practice in security, regardless of the organization’s size or industry,” said Chris Wysopal, co-founder and CTO of Veracode, a software security company.
In a recent Veracode survey of IT decision-makers involved in cybersecurity, 83% of respondents said they had released code before testing or fixing security-related bugs. And an IBM report titled "The State of Mobile Application Insecurity" found that one-third of companies weren’t even testing their mobile apps for security vulnerabilities.
It’s alarming that while attacks on corporate assets are increasing every year, application and software development security still lags behind—and is often greatly neglected.
What prevents someone from hacking into an online system or software application and stealing data or gaining access to critical processes? Both threats and solutions rely on software, and many software development professionals are well aware of this situation.
One of the best lines of defense is secure development with a focus on quality assurance, testing, and code review. In fact, software developers—whether internal or outsourced—can be your company’s front line of defense, as long as they maintain a security-focused mindset.
How to verify the software development process?
There are several ways developers can test and verify code. For example, they can use static application security testing (SAST) tools or dynamic application security testing (DAST) technologies, or engage in manual visual testing.
Some experts even advocate for stronger software security by intentionally playing the role of an adversary—an approach often called white hat testing. These experts search for security vulnerabilities used by attackers to bypass controls.
Looking back, software development teams before the 2000s—a technological milestone marked by the rise of home computers—rarely performed code reviews. Today, this is expected, and professionals should always do it—so much so that software developers have greatly improved in this area to take on greater responsibilities for ensuring application security.
According to a Veracode survey from December 2016, 40% of developers now incorporate security testing during the coding phase, and 21% during the design stage. Testing early in the development process catches code defects at a point when fixes are still inexpensive, which leads to cost savings.
While it’s crucial to focus on information security during software development, the limited talent pool complicates matters: there aren’t enough professionals to keep up with the growing threats. In fact, finding and retaining good software development talent is already a challenge—let alone retaining security-focused professionals.
As challenging as it may be to find software development professionals—especially those who take security seriously—the right kind of professionals and engineering teams do exist: outsourcing is a solution. Many high-quality software development providers have the necessary security-focused mindset.
However, when outsourcing software development, be sure to hire a trustworthy team that truly prioritizes security. Ensure your provider is proficient in security by discussing it from the very first interaction. Ask potential outsourcing partners to provide examples of how they prioritize security and find out what quality control codes and testing methods they use. Also, ask them to demonstrate that they are up to date with the latest testing and quality assurance practices.
Comments