When someone writes code for you…

…do you get it checked?

It may seem a strange thing to think about; surely the programmers know how to produce secure code? But recent research has shown that even the biggest organisations have coders who continuously leave valuable credentials embedded in their public-facing apps. These transgressions often arise through the coders setting the credentials up for their convenience during the development process and then “forgetting to remove them” (read that as: they should have made a note in red ink to do that). It also seems that these major mistakes in cyber security slip past the organisation’s cyber security experts.

Developers can’t seem to stop exposing credentials in publicly accessible code | Ars Technica

That brings us to smaller organisations. What do you do to make sure this type of error does not happen to you?

I am in the process of writing a short series of articles in collaboration with a professional, experienced programmer to offer some guidance to small organisations who want secure custom software. Watch this space.

Clive Catton MSc (Cyber Security) – by-line and other articles