Safety Assume Tank: Why “safe coding” is neither


There’s a bit of little bit of a lure typically that may come up in the best way that people perceive and course of language. Particularly, typically we take the which means of a phrase or phrase without any consideration. By this, I imply we use a time period which means a given factor, just for these listening to us to know the time period in a totally totally different approach.

That is counterproductive when it occurs in day-to-day communication, however could be harmful within the context of risk-impacting disciplines corresponding to cyber safety, assurance, and governance. In these conditions, it will possibly create danger.

I deliver this up as a result of usually we hear about methods to make sure “safe coding” in organisations that creator and keep software program as a part of their enterprise, both for inner or exterior use. It’s essential as a result of, frankly, most companies fall into this class these days. Whereas it’s pure to debate the challenges of software program danger this fashion, I imagine the time period “safe coding” itself presupposes a context that makes the supposed finish state really more durable to realize – at the very least when taken actually.

And I don’t imply this simply in a semantic sense. For instance, I’d argue that understanding why that assertion is true has precise, tangible, sensible worth. It speaks to the basis explanation for why many organisations battle with utility and software program danger, and it highlights sensible steps organisations can take to enhance. With that in thoughts then, let’s unpack what precise software program danger discount targets are, and the way greatest to impact them as we fulfil our necessities to develop and publish software program safely and resiliently.

Software program growth safety vs. danger discount

The very first thing to unpack is the supposed finish state of what we imply by “safe coding.” In my view, there are a couple of totally different, associated targets often supposed by this time period. First, by “safety” on this context, people usually imply two issues:

  1. Using utility structure and design patterns that foster danger discount principals (e.g., confidentiality, integrity and availability)
  2. Creating software program that’s resilient to assault (e.g., through avenues like vulnerabilities and misconfigurations) 

Each of these items are, in fact, extremely essential. Spend a while speaking to utility safety practitioners they usually’ll, rightly, spotlight to you Barry Boehm’s well-known work in regards to the economics of discovering and fixing vulnerabilities early within the growth course of. They’ll, rightly, clarify to you the worth of instruments like utility risk modeling that may be delivered to bear to know what and the place safety design points are in software program. The lure is that these items, essential as they’re, usually are not the whole lot of what we is perhaps serious about in relation to decreasing danger in software program. For instance, different issues we is perhaps serious about at the very least equally might embrace:

  • Maturity – guaranteeing processes are mature in order that they’re resilient to worker attrition and in order that outcomes are constant
  • Transparency – guaranteeing transparency within the provide chain of the elements and libraries that our merchandise in flip depend upon (and having the ability to present that transparency to prospects)
  • Compliance – make sure that we’re compliant with the assorted (business and open supply) licenses we use in growing our software program
  • Design simplicity – does the design lend itself to being simply understood and evaluated

And so forth. In truth, these items are solely the tip of the iceberg of issues that may and do impression software program danger as a sensible matter. You might simply as simply embrace issues like: health for function, design rigor, supportability, testing protection, code high quality, time to market, and quite a few different issues that impression the dangers related to how we design, develop, take a look at, deploy, keep, assist, and in the end decommission our software program.

By way of this lens, the query we ought to be asking isn’t about “safety” in any respect – however as a substitute danger discount (of which safety is a subset, albeit a big and essential one.)  Tying software program issues simply to safety narrows the set of stakeholders, it narrows accountability, and it modifications the dialogue. Against this, protecting the give attention to danger means everybody – even these removed from the software program growth universe – have an important position to play.

The software program lifecycle

The second factor I’d name your consideration to is the “coding” factor of the phrase. Sure, coding is essential. However similar to “safety,” it’s solely a bit – although a big one – of the lifecycle concerned in growth of software program. Think about how software program is generally designed and what number of totally different steps are concerned. Whereas particular person software program growth lifecycles (SDLCs) would possibly describe them in a different way, at a excessive degree you might need steps – within the summary anyway – much like the next:

  • Identification of want
  • Ideation/Inception
  • Necessities gathering
  • Design
  • Growth
  • Testing
  • Deployment
  • Assist
  • Upkeep
  • Decommissioning

This can be a lot of steps. And also you’ll discover that every of them might themselves be additional damaged down into myriad particular person sub-steps. For instance, a step like “testing” can embody (relying on SDLC in use, context, and many others.): unit testing, practical testing, regression testing, efficiency testing, safety testing, and any variety of different particular person gadgets. What number of of those contain simply “coding” vs. what number of don’t however are nonetheless vital to making sure a sturdy product on the finish?

In different phrases, there are a legion of attainable methods for stakeholders concerned at any stage of this course of to both introduce or mitigate dangers relying on the processes they comply with, their coaching, their consciousness, and quite a few different elements. Because of this a risk-aware program designed to scale back, handle, and mitigate software program danger must account for all of them and, wherever attainable, bolster these actions that favor danger discount outcomes. Level being, whereas coding is arguably probably the most “seen” step alongside the software program growth and launch course of (at the very least internally), it’s additionally not the one place the place we must always focus. 

As you’d anticipate then, your utility – or software program relying on most well-liked parlance – danger  administration efforts ought to embrace the entire lifecycle. This by extension means two issues: 1) that you simply perceive and account for the entire lifecycle holistically, and a couple of) that you simply lengthen your planning to incorporate areas outdoors growth that nonetheless maintain a stake. Embody and deputize testing personnel, enterprise analysts, undertaking and product managers, assist groups, gross sales, advertising and marketing, HR, and authorized – deliver them below the umbrella of caring in regards to the safety of what you construct. 

As I mentioned on the outset, this isn’t simply in regards to the semantics (although granted I’ve framed it that solution to illustrate the purpose.) As a substitute, it’s about understanding that danger is impacted by the whole lot of the processes surrounding software program growth and that danger extends properly past what we historically would possibly are inclined to give attention to when issues like vulnerabilities. 

Why is it not simply semantics? As a result of it speaks to one thing larger that’s extremely essential. In Ends and Means, Aldous Huxley as soon as famously mentioned that, “The top can’t justify the means for the straightforward and apparent purpose that the means employed decide the character of the ends produced.” His level was that how we do one thing determines, in giant diploma, what the top state shall be. Extending that to software program growth, I’d argue that disorganised, immature, and “slapdash” growth processes will inexorably produce software program that’s extra shoddily designed and extra poorly carried out than would in any other case be the case if a extra sturdy and disciplined course of have been adopted as a substitute. This in flip means, we goal targets past safety and we embrace processes past writing code.

Supply hyperlink