Keeping Software Safe

Sandhya is a program manager in California.

Everyone in the software industry should be aware of the importance of building safe software. Creating a product means not only addressing customer needs, but also security. These essential requirements should not be an afterthought; they must be built into the product.  

But even when engineering teams follow best practices and work on incorporating security requirements into the product, companies still see an influx of reported issues.  

Internally reported issues 

  1. The product core team is looking into an issue and discovers a security bug.
  2. Companies often use software internally before rolling it out (“dogfooding”). An issue may be discovered during this time. A product has many use cases and personas, and testing cannot cover all of them. When the product is used across various groups, people take different approaches: employees on different teams adopt different personas and execute different code paths. This mimics “real life” testing and helps identify issues that can be addressed before the product reaches the market.
  3. There are various security tools that do static code scans. Most of these tools need to be configured, and they produce a list of issues that must be triaged for false positives.
  4. Big companies have internal groups that are dedicated to …


Published at Wed, 06 Feb 2019 05:00:00 +0000