Secure code training tops 2021 software development agendas

There’s a highly contested debate lingering throughout the software development community that, surprisingly, does not stem from the global pandemic — whether functionality or performance ranks priority one when talking about secure coding.

In the rush to meet software development needs, there is a general acceptance that although “secure code perfection” is the goal, achieving “total” perfection is not realistic (people make mistakes, requirements change and aren’t remediated, etc.). Therefore, if perfection isn’t attainable, is the functionality of code (does the code do what it has been asked to do) or the performance of code (readability, modularity, elegance, etc.) of paramount concern?

A foundational aspect of enterprise and mobile application development, secure coding intends to ensure that code is as clean as possible. Error-free code protects the entire software development lifecycle from defects, bugs and intelligence flaws that result in security vulnerabilities. Even the smallest programming mistake can cause a large-scale security breakdown that negatively affects deployment and application success, ultimately leading to compromised intellectual property and data.

A commitment to secure coding principles can be driven from anywhere within an organization, as many players have a direct hand in enterprise and mobile software application success. While IT often “gets a bad rap” for being inflexible and controlling when it comes to what to do and what not to do by way of security, it’s critical that every layer of the software development team (from the CTO/CSO to AppSec Managers and Developers, to those on the business and customer-facing sides) proactively strive to eliminate (or at the very least reduce) software vulnerabilities.

However, if those programming on the front lines don’t have the proper skills, as well as the necessary training support, to ensure the code they create is as close to “perfection” as possible, the initiative is set to fail before it even begins (i.e., whether the code is functional or high-performing won’t matter anyway). Herein lies the conflict that ripples throughout development teams (when it really shouldn’t) and why proper training is becoming the non-negotiable response to the question of what matters most.

Training yields better code, and lower cost and risk

Most are aware of the estimated cost of software bugs (upwards of $60 billion according to the Department of Commerce’s National Institute of Standards and Technology), while the high calculated level of risk is immeasurable.

We also know that where (i.e., at what point) in the software development lifecycle a bug originates can affect remediation efforts, as well as the overall cost and risk that follows. Developers must do their part by aiming to create the most accurate and secure code possible, which means adhering to AppSec requirements set by the organization and industry standards bodies.

While the onus is on companies to hold code to the highest caliber, they can’t assume developers “just have” the necessary know-how to make it so. Programmers out of college are hardly taught the value and practice of secure coding, and how it remediates vulnerabilities. 

Providing continuous opportunities for DevTeam skill-building and advanced training as part of a company’s secure code objectives, as well as tying defined AppSec priorities to performance metrics, make a significant difference in motivation, performance and security integration. In addition, programmers gain an equal knowledge base that endorses an environment where they, too, can spend more time writing and deploying good code, rather than fixing errors.

Gamification a key training strategy

Certainly, integrity should be a characteristic of all developers (i.e., companies want functional code that performs well and is of high quality), but companies still find themselves challenged to ensure everyone with a role in the enterprise software and application lifecycle shares the same level of commitment to coding ideals. One strategy working well for distributed and hybrid teams is gamification. Generally speaking, coders tend to like competition, and it goes deeper than just the desire to earn the top spot on a leaderboard. Self-proclaimed techie and gamer Brent Hale sums up the benefits of coders that game quite nicely in the article, “6 Reasons Why Programmers Should Start Playing Video Games.”

As integrating gamification concepts into secure coding principles is helping developers become more security-aware, the market is responding with growth of companies that offer such services and solutions. For example, Secure Code Warrior offers ways to improve secure coding skills and outcomes through tournaments, courses, assessments and more. While companies can’t expect developers to be security “experts,” they can certainly require them to become security “champions” as the first line of organizational defense.

Virtual training considerations

Today’s mid-pandemic reality means teams are even more distributed than before COVID created mandatory remote work environments. Enterprise-level training classes were affected, too, as gone now are the days of in-person classes. We’ve ushered in a modern era of virtual, online eLearning formats and companies are pleasantly surprised by the value generated from the ability to learn with anyone, from anywhere, at any time.

When considering the “learners” involved with secure code training (developers, designers, data scientists, testers, etc.), be mindful that they will know, very quickly, whether or not what they’re experiencing is delivering value. They’re also intimately familiar with technology in a way that the average business user is not. 

Therefore, it’s important for CTOs, CIOs, CHROs and VPs of Engineering to run training and development courses on the most modern, efficient, easy-to-use eLearning platforms available. While an array of models (e.g., online, distance and/or remote learning) is accessible depending upon the type of instructor/learner/content needs, it’s important to consider a few key objectives when creating virtual secure coding training programs:

  1. Implement training through a cloud-native model,
  2. Establish secure coding parameters and performance expectations at the outset, 
  3. Have flexibility in teaching methods and time management to meet various learner styles,
  4. Make remote learning fun and flexible for the learner and instructor,
  5. Increase engagement levels with smart tools that support metrics and accountability, and
  6. Structure coursework to meet unique hard and soft skill development. 

In addition, it’s critical to note that while convenient for general day-to-day communication, mainstream audio, video and/or chat collaboration tools (Zoom, WebEx, Google Meet, Slack, etc.) are rudimentary in nature and are not sufficient platforms on which to execute quality, virtual eLearning training and development programs that will drive desired secure coding results.

Clearly, code functionality and performance are both important. 2021’s increased investment in secure code training and development will reinforce that, but place the greatest emphasis on creating the cleanest code possible to thwart security vulnerabilities that lead to cyberattacks and compromised data assets. 

The post Secure code training tops 2021 software development agendas appeared first on SD Times.



from SD Times https://ift.tt/3pnYZlo
