The so-called zero-day exploits (security vulnerabilities found in brand-new software) attest to how fragile software can be. Programming code is the blueprint of any piece of software; it is the DNA that gives it life. So, what happens if your code has a vulnerability? A single line of vulnerable code will turn the whole program into a security liability.
If you peruse the tech headlines of the last twelve months, you’ll see just how frequently fragile pieces of code become the focus of an exploit by unauthorized users. Let’s face it: it happens constantly, and the press loves to cover it.
And this isn’t a problem that troubles only the smaller players in the software business. The digital universe knows nobody bigger than Google and Apple, and both had to report vulnerabilities in their respective operating systems. Even the pioneering Red Hat, now an IBM subsidiary that provides a Linux distro for commercial clients, had to report a vulnerability within its Linux Enterprise version, which was being exploited. Linux exploits are rare, so it was more important news.
Here’s the thing about security: adequate security is not about applying patches. It’s about adopting an integrated approach in which security priorities are hard-wired into every step of the process from the very beginning. Consequently, secure software starts early, when the initial code is being written. Even at that stage, the code writers need to have security in mind and ensure that the final product will be secure.
In other words, security starts with the source code. To understand this, let’s explore in further detail the concept of secure coding, its relevance, and how to get it right.