Secure software development practice: A need for combating existing threats

Software development is a complex task that demands knowledge, analytical and logical thinking, and patience from a developer or team. It has benefited not only organizations but society as a whole. Globalization is becoming the norm for many organizations, many mission-critical systems are operated by software, and from the convenience of our homes we can shop, pay our bills, stay in touch with friends and family, and more.

With the advancement of information technology, adversaries also have the advantage of using various tools and applications to harm an organization or an individual. A growing number of attacks uncover or exploit vulnerabilities in existing software. CWE provides a useful repository of known software weaknesses with the aim of educating developers, security practitioners, and others [2]. Even though awareness is rising that security should be integrated from the initial phase of software development, many companies still think about functionality, skip security, and run into trouble when moving the software into the production environment. This mindset is usually due to limited time or resources, or to a lack of knowledge.

Without incorporating secure practices from the beginning, the software is likely to ship with many vulnerabilities, and releasing patches once it is in the production environment is not the answer: by then the weakness has already been exposed to attackers. Proper software development and secure coding practices need to be in place from the initial planning phase in order to combat existing threats. Developers need to be aware of existing threats and vulnerabilities and establish a secure coding and development mindset. OWASP provides general secure coding practices, such as input validation and parameterized database queries, which can be used as a guide and incorporated into the software development lifecycle [1].
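To make the point concrete, here is an added example (not part of the original post) showing one CWE weakness, SQL injection (CWE-89), written first the way it is often found in production and then the way the OWASP Secure Coding Practices guide recommends, with input validated at the trust boundary and a parameterized query. The users table, the two accounts and the attacker string are constructed for this example; the script uses an in-memory SQLite database so it runs offline.

```python
"""Added example: CWE-89 (SQL injection) in a login check, vulnerable form beside
the hardened form that follows OWASP's secure coding practices. All data below
is constructed for the example and lives in an in-memory SQLite database."""
import sqlite3


def make_db():
    """Constructed sample data: a users table with two accounts.
    Passwords are stored in clear text only to keep the example short;
    real code stores a salted hash (the OWASP guide covers that as well)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct-horse", "admin"), ("bob", "battery-staple", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """CWE-89: untrusted input is concatenated into the SQL text, so the caller
    controls the structure of the query, not just the data it compares."""
    sql = (
        "SELECT role FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_hardened(conn, username, password):
    """OWASP practice: validate input where it crosses the trust boundary
    (type, length, allowed characters), then use a parameterized query so the
    database driver keeps data and SQL code separate."""
    if not (isinstance(username, str) and 1 <= len(username) <= 64
            and username.isalnum()):
        return None
    if not (isinstance(password, str) and 1 <= len(password) <= 128):
        return None
    row = conn.execute(
        "SELECT role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Constructed attacker input: closes the quoted string, makes the WHERE clause
# always true, and comments out the password comparison.
INJECTION = "alice' OR '1'='1' --"


if __name__ == "__main__":
    db = make_db()
    # The vulnerable check logs the attacker in as the first user (admin)
    # without knowing any password; the hardened check rejects the input.
    print("vulnerable:", login_vulnerable(db, INJECTION, "wrong"))
    print("hardened:  ", login_hardened(db, INJECTION, "wrong"))
    print("legit:     ", login_hardened(db, "alice", "correct-horse"))
```

The validation step is not a substitute for the parameterized query; it is the defense-in-depth layer the guide asks for, and the parameterized query is what actually removes the injection. Note that the vulnerable function cannot be fixed by escaping quotes by hand; the page's point is that the practice has to be in place before the code is written.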

Bibliography

[1] OWASP, "OWASP Secure Coding Practices - Quick Reference Guide", https://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide

[2] The MITRE Corporation, "Common Weakness Enumeration (CWE)", http://cwe.mitre.org