Chapter 10: Software Development Security - Intro

I want to begin my blog on this chapter by saying that I am very excited about broadening my knowledge of this area of security. I find software development very interesting, and I hope to one day become a software developer. To begin this chapter, I want to talk about the main reasons why insecurities within actual software exists, why this is concerning, and why software needs to be built in a secure manner, especially in today's world. In the past, security was not really an issue when it came to software development. There were not as many malicious attacks, and the technology was no where near as advanced as it is now. This is a problem because a lot of this "old" software is still in use. Another reason why insecurities exist is because the people that are in charge of keeping things secure often do not have a development background. To add to this, many developers to not view security as the most important element in software. At the end of the day, they are more concerned about what the software's functionality. If a company is trying to get to get their product to market and make money, do you think they always take all the necessary steps in order to be sure the product is as secure as possible? The short answer is, absolutely not. It has become a sort of standard for software to have flaws when it comes to the user, with fixes coming at a later date. Last, customers cannot control the software they buy. This is why perimeter protection of software is so important. As an everyday user, you really never know how secure the software is that you are running...until something bad happens. While perimeter protection is great and highly necessary, in my opinion, security should be just as important as functionality for the modern day developer. We are so reliant on computers these days, it would be absurd to let security fall behind functionality. Think of it this way. Would you want to live in a house where it was not possible to lock your doors? Heck no! That would be a security threat. The same applies for software. You don't want to purchase or use something that was not made with security in mind.