Paul Farrington, Chief Product Officer, Glasswall
This week is National Coding Week, and I’m sure many people in the IT industry would agree that there's probably never been a more exciting time to create software. Alongside the huge array of exciting possibilities out there and freedom of choice for developers, there’s also a growing range of security risks.
With development teams increasingly using open-source components or frameworks to speed up coding, they can expose the project to “Prototype Pollution”, which targets JavaScript projects. One way to combat this is to turn on automated scanning of third-party components so that any vulnerable code is flagged immediately.
However, one of the most important areas of focus in software development is achieving 'secure by design' by giving developers the security tools they need at the time they are writing code. Deploying security tools later, when the coding process is well underway or has even been completed, is simply too late. Unfortunately, it’s also quite common, and there remain too many circumstances in which security is added as something of a coding afterthought.
Where a vulnerability is detected, for instance, developers should be given an immediate solution to address the issue. This may seem obvious, but far too often security solutions are great at identifying problems but don’t always provide the help needed to deliver a fix. Development teams should demand more from their security tooling, so this week, my message to security teams is to focus on being solution architects, not problem architects.
This is the heart of the proactive approach we take to cybersecurity at Glasswall. By giving users a ready-formed solution that returns files to a known-safe form - as opposed to just identifying a problem - it becomes possible to minimize risk whilst avoiding being slowed down by security.
In today’s agile, software-centric organizations, that’s a vital capability.