Small groups of programmers tend to produce the most secure code compared with groups of more than 20 contributors, according to the 2017 CRASH Report. The problem is that once software grows large, small groups of developers can’t manage all of the code.
Bill Curtis, chief scientist at CAST Software, said that “applications have gotten so big and complex that no single team can understand it all. It might have five or six languages, multiple databases, CRM systems, and you can’t understand all the interactions. That leaves teams making assumptions that in many cases are wrong.”
Javvad Malik, security advocate at AlienVault, described three factors for developing secure code:
- Developers need to be trained in how to code securely.
- Developers need access to testing tools to do both static and dynamic testing and identify problems early.
- Third parties should be involved to conduct security tests.