Secure coding

Secure coding is the practice of developing computer software in such a way that guards against the accidental introduction of security vulnerabilities. Defects, bugs and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities.[1] Through the analysis of thousands of reported vulnerabilities, security professionals have discovered that most vulnerabilities stem from a relatively small number of common software programming errors. By identifying the insecure coding practices that lead to these errors and educating developers on secure alternatives, organizations can take proactive steps to help significantly reduce or eliminate vulnerabilities in software before deployment.[2]

Some scholars have suggested that in order to effectively confront threats related to cybersecurity, proper security should be coded or “baked in” to the systems. With security being designed into the software, this ensures that there will be protection against insider attacks and reduces the threat to application security.[3]

  1. ^ Viega, John; Gary McGraw (2001). Building Secure Software: How to Avoid Security Problems the Right Way. MAddison-Wesley Professional. p. 528. ISBN 978-0201721522.
  2. ^ Taylor, Blair; Azadegan, Shiva (2006-09-22). "Threading secure coding principles and risk analysis into the undergraduate computer science and information systems curriculum". Proceedings of the 3rd annual conference on Information security curriculum development. InfoSecCD '06. Kennesaw, Georgia: Association for Computing Machinery. pp. 24–29. doi:10.1145/1231047.1231053. ISBN 978-1-59593-437-6. S2CID 2452783.
  3. ^ Russell L, Jones (Dec 2004). "Secure Coding: Building Security into the Software Development Life Cycle". Information Systems Security. ProQuest 229507883.