Three security pitfalls every software business can avoid
Secure software is critical for business success today. Here are some common pitfalls every software team can watch out for.
1. Security as an afterthought
Having developers write code and involving security only at later stages of the development cycle is a losing battle given the speed and volume of releases. Vulnerabilities are not discovered until it's too late, and vulnerable code is pushed to production.
Solution: Shift security left and scale security efforts to cover all applications, starting from the early stages of development.
2. Silos and developer-security friction
For developers, issues raised by security might not matter for day-to-day development, or may arrive as feedback on a finished project. Fixing these issues adds the stress of rescheduling sprints and effort, making security a roadblock to innovation. For security teams, it can be challenging to explain security risks to developers who don't have years of security expertise. In the end, poor communication leads to less collaboration and empathy overall.
Solution: Make security part of development by integrating tools into your developer workflow. Promote discussions and asynchronous collaboration between both teams.
3. Security as a checkbox exercise
The gap between formal security policies and how they're put into practice can be confusing and makes prioritizing security issues even more complicated. This leads to bad habits: valuing quantity over quality, assuming that developers will fix every logged security scan result, or not measuring outcomes to provide evidence that security is actually improving.
Solution: For an immediate fix, push a limited number of real security issues instead of sharing a flood of false positives. On a larger scale, look for security tools that can "codify" new security issues and prevent them from ever being merged into a production branch. Remember: your security tools should actually improve your code.
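One concrete way to make a pre-merge gate of this kind, as an added example and not a workflow from the original page: a GitHub Actions workflow that runs CodeQL on every pull request targeting the production branch. The branch name `main` and the repository language `javascript` are assumptions for illustration; substitute your own.

```yaml
# Added example (not from the original page). Runs CodeQL code scanning on each
# pull request into the production branch so new alerts are surfaced before merge.
name: CodeQL pull-request gate

on:
  pull_request:
    branches: [ main ]        # assumption: "main" is the production branch

permissions:
  contents: read              # check out the code
  security-events: write      # upload code scanning results
  actions: read               # needed for private repositories

jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Initialize CodeQL for the language(s) in the repository.
      - uses: github/codeql-action/init@v3
        with:
          languages: javascript   # assumption: the repository's language

      # Run the analysis and upload results to code scanning.
      - uses: github/codeql-action/analyze@v3
```

The code scanning check on the pull request fails when the change introduces new alerts at or above the severity threshold configured in the repository's code scanning settings. To turn that result into a merge block rather than a suggestion, mark the check as a required status check in the branch protection rules for the production branch; alerts that are not new to the pull request do not fail the check, which keeps the signal to the developer focused on the issues their change introduced.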
Learn more at github.com/learn/security or contact our Sales Team.