The Top Five Furphies Developers Tell Themselves About Secure Coding: An Aussie Perspective
G’day, Andrew and fellow tech enthusiasts. Let’s chew the fat about a topic as critical as a Wallabies vs. All Blacks match: secure coding. Despite it being 2023, the sad reality is that a large chunk of software devs aren’t taking this as seriously as a magpie during swooping season. As a cybersecurity professional, I reckon that’s more misguided than a kangaroo on a pogo stick. So, let’s debunk some of these dodgy beliefs, shall we?
1. “She’ll Be Right, Secure Coding Costs an Arm and a Leg”
First off, if you’re thinking that secure development will leave your budget looking emptier than a Darwin pub during a cyclone warning, think again. Recent stats from a Trust in Computing survey indicate that 34% of developers worldwide skip secure coding due to cost. But here’s the snag: have you tallied up the financial bushfires you’ll need to put out when insecure software slips through the cracks? Trust me, it’ll cost ya heaps more in the long run.
2. “No Worries, Security Slows Down Our Agile Sprint Faster Than Vegemite on Toast”
So you’re in a rush, and secure coding feels like it’s doing a Harbour Bridge crawl during peak hour. But remember this, cobbers: haste makes waste. Cutting corners on security is like building a house on stilts in a flood zone; it’ll come back to bite you. The time you “save” will eventually get spent on costly do-overs. So, why not do it right the first time?
3. “The Big Wigs Don’t Reckon It’s a Biggie”
Ah, the age-old blame game: “The higher-ups don’t care, so why should we?” Look, if the folks at the top are more laid back than a sunbathing saltie, it’s time for a culture shift. Insecure software can make your company as vulnerable as an Aussie cricket team facing spin bowlers. Implement secure practices from the top down, or be prepared to cop it sweet when things go pear-shaped.
4. “We’ve Got a Firewall, Mate, We’re as Safe as a Koala in a Gum Tree”
Oi, listen up. Thinking a firewall makes you invincible is like believing your budgie smugglers make you an Olympic swimmer. Firewalls can be complex and flawed. One wrong rule in the configuration, and you’ve got a hole in your defense wider than the Nullarbor Plain. Properly set up your firewall and practice due diligence in its administration, or you might as well hang a “Welcome Crooks” sign on your server.
5. “We Use the ‘Seek and Ye Shall Find’ Tactic for Security”
Utilising a “find and fix” method for your code’s security? That’s as effective as trying to find Nemo in the Great Barrier Reef with a toy snorkel. The aim should be to nip those vulnerabilities in the bud during the development phase, not post-launch. The earlier you catch those dodgy bits, the more you save on time, stress, and, most importantly, moolah.
So, there you have it—five common myths about secure coding, debunked faster than you can down a Tim Tam Slam. Let’s focus on making secure coding second nature, just like snagging a sausage at Bunnings on a Saturday arvo. After all, the best defense is a good offense, and that starts with each and every one of us developers.