Episode 6. Secure Coding — Documenting Software Risks

Amir Mustafa
3 min read · Apr 13, 2022

→ Documenting the designs, development and tests is part of the development process.

→ Documenting security decisions is also important.

→ One of the important things to document is how we will deal with the security bugs in production.

→ It is true that a full-blown vulnerability plan is handled by the VAPT (Vulnerability Assessment and Penetration Testing) team.

→ We should at least have a plan to prioritize and fix production security bugs and route them into our development process.

→ When security bugs arise, we will then be prepared to fix them properly.

→ We should also plan to document risks in a risk register. The purpose is not only to document risk but to reduce risk when it arises.

→ This is very valuable to a team when trying to determine where the risks are in your application, both in planning sessions and in design reviews.

→ Having risks documented gives a foundation for when it is time to re-evaluate them.

NOTE: It is good practice to document security bugs; developers learn from them.

→ A generic format for the Risk Register document (the exact format varies from project to project):

Video:

Closing Thoughts:

Documenting the potential risks of the software at the initial stage is important and will save us when security threats arise.

Risk number, test name, dependency package, and file system use cases should be recorded in the risk register.
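To make the register concrete, here is a small model of it in Python. This is an added example, not the post's own format: the columns (risk number, test name, dependency package, file system use case) come from the post, while the 1–5 likelihood and impact scales, the priority bands, the 90-day review window and the sample entries are assumptions constructed for illustration.

```python
"""Minimal risk-register model (added example; scales and sample data are assumed)."""
from dataclasses import dataclass, field
from datetime import date
from typing import List


@dataclass
class RiskEntry:
    risk_id: str            # "risk number" column from the post
    test_name: str          # the test or check that exercises this risk
    dependency: str         # dependency package involved ("" if none)
    filesystem_use: str     # file-system use case involved ("" if none)
    description: str
    likelihood: int         # 1 (rare) .. 5 (almost certain)   -- assumed scale
    impact: int             # 1 (negligible) .. 5 (severe)     -- assumed scale
    mitigation: str = ""
    owner: str = ""
    status: str = "open"    # "open" or "mitigated"
    last_reviewed: date = field(default_factory=date.today)

    @property
    def score(self) -> int:
        """Simple likelihood x impact score used for ordering the register."""
        return self.likelihood * self.impact


def priority_band(score: int) -> str:
    """Map a score to a priority band (thresholds are assumptions)."""
    if score >= 15:
        return "P1"
    if score >= 8:
        return "P2"
    return "P3"


def prioritize(register: List[RiskEntry]) -> List[RiskEntry]:
    """Open risks first by descending score, so the fix plan starts at the top."""
    open_risks = [e for e in register if e.status == "open"]
    return sorted(open_risks, key=lambda e: (-e.score, e.risk_id))


def due_for_review(register: List[RiskEntry], today: date, max_age_days: int = 90) -> List[str]:
    """Risk ids whose last review is older than max_age_days (re-evaluation trigger)."""
    return [e.risk_id for e in register if (today - e.last_reviewed).days > max_age_days]


def to_markdown_table(register: List[RiskEntry]) -> str:
    """Render the register as a Markdown table for the design-review document."""
    header = "| Risk | Priority | Test | Dependency | File system | Status | Owner |"
    rule = "|---|---|---|---|---|---|---|"
    rows = [
        f"| {e.risk_id} | {priority_band(e.score)} | {e.test_name} | {e.dependency or '-'} "
        f"| {e.filesystem_use or '-'} | {e.status} | {e.owner or '-'} |"
        for e in prioritize(register) + [e for e in register if e.status != "open"]
    ]
    return "\n".join([header, rule] + rows)


# Constructed sample register (hypothetical project, hypothetical dependency name).
SAMPLE_REGISTER = [
    RiskEntry("R-001", "test_upload_path_traversal", "",
              "user uploads written under /var/app/uploads",
              "Upload handler builds file paths from client-supplied names",
              likelihood=3, impact=5, mitigation="normalise and reject paths outside the upload root",
              owner="backend", last_reviewed=date(2022, 1, 10)),
    RiskEntry("R-002", "test_json_parser_pinned_version", "example-json-parser (hypothetical)", "",
              "Third-party parser is unpinned; a vulnerable release could be pulled in",
              likelihood=2, impact=4, mitigation="pin version and run dependency audit in CI",
              owner="platform", last_reviewed=date(2022, 4, 1)),
    RiskEntry("R-003", "test_session_cookie_flags", "", "",
              "Session cookie missing Secure/HttpOnly flags",
              likelihood=2, impact=2, mitigation="set cookie flags in framework config",
              owner="backend", status="mitigated", last_reviewed=date(2022, 3, 15)),
]

if __name__ == "__main__":
    print(to_markdown_table(SAMPLE_REGISTER))
    print("Due for review:", due_for_review(SAMPLE_REGISTER, date(2022, 4, 13)))
```

Running the block prints the register as a table with open risks sorted by priority, and lists the entries whose last review is more than 90 days old; the review-age check is what turns the register from a static document into the re-evaluation foundation the post describes.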

Thank you for reading till the end 🙌. If you enjoyed this article or learned something new, support me by clicking the share button below to reach more people and/or give me a follow on Twitter and subscribe to Happy Learnings!! to see the other tips, articles, and things I learn about and share there.


Amir Mustafa

JavaScript Specialist | Consultant | YouTuber 🎬. | AWS ☁️ | Docker 🐳 | Digital Nomad | Human. Connect with me on https://www.linkedin.com/in/amirmustafa1/