SECURE CODE - HOW TO KEEP RUSSIA OUT OF OUR SYSTEMS

Have you ever used a program or application that randomly froze, slowed to a crawl, or crashed unexpectedly? Behaviour like that is usually the work of bugs in the software, and bugs creep in when software is developed too quickly, is too complex, or never goes through a testing cycle, peer review, or quality review. Because businesses are under pressure to accelerate their workflows, the development process behind that acceleration tends to suffer, and the result is the introduction of software errors known as bugs (BairesDev, 2021). Many people don't realise that bugs are not just a nuisance inside the application itself: they can also introduce vulnerabilities that attackers can exploit to wreak havoc on computer systems.

Last year hackers believed to be backed by Russia's Foreign Intelligence Service (SVR) planted a backdoor in the Orion network monitoring software made by SolarWinds. They inserted the malicious code during the software build process and used it to launch a massive cyber-attack against the United States (Temple-Raston, 2021). An estimated 18,000 SolarWinds customers downloaded the malicious code, including Microsoft, Intel, Cisco, the United States Treasury, the Justice and Energy Departments, the Pentagon, the Department of Homeland Security, and even the Cybersecurity and Infrastructure Security Agency (CISA), whose job it is to protect computer networks from cyber-attacks. To understand what a remarkable feat this was, it helps to know that finished software carries a kind of digital factory seal, a code-signing signature that customers trust to mean the product is unaltered and free of malicious code. The hackers took advantage of the software development process itself: they implanted a small piece of code into the Orion source while an update was being compiled, so the finished update was signed with SolarWinds' own legitimate certificate and shipped without any human noticing (Temple-Raston, 2021). The total damage done by this hack is still being determined and may never be fully understood.

The SolarWinds hack shed much-needed light on why it is so important to produce bug-free code. Thankfully there are a number of ways to keep bugs out of the software development process. The first is to write testable code and to write the test first: write a test that the code does not yet satisfy, watch it fail at least once, then write just enough code to make it pass, and repeat, so that quality assurance is built into development rather than bolted on afterwards (Sachedina, 2019). Keep code simple; complex code is bound to be error-ridden. Avoid huge code commits; smaller, focused commits are easier to review and to test. Split the code into separate, individual modules so that each piece can be tested on its own and stays less complex. Take compiler warnings into account rather than ignoring them, because a warning is often pointing at a bug. Take your time and test regularly. Finally, adopt effective coding standards that standardize how code is written; they steer developers away from the common pitfalls that so often lead to bugs (Sachedina, 2019).
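
The cycle above, as an added example that is not part of the original article or any of its sources: a small, self-contained module (a function that parses a TCP port number out of untrusted text) together with the test table that was written before the function body. The names parse_port, port_or_zero and run_port_tests and every row of the table are hypothetical, constructed for this example. A first attempt built on plain atoi() passes the accepting rows and fails every rejecting one, which is the "watch it fail" step; the checks in parse_port are what it took to turn the table green. Build it with every warning the compiler offers and treat warnings as errors, for instance cc -std=c11 -Wall -Wextra -Wpedantic -Werror parse_port.c.

```c
/* Added example (hypothetical names): test-first parsing of a port number. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse a decimal port in 1..65535.  On success stores the value and returns
 * true; on any malformed input returns false and leaves *out untouched. */
bool parse_port(const char *text, unsigned *out)
{
    if (text == NULL || *text == '\0')
        return false;                        /* empty string is not a port */
    for (const char *p = text; *p != '\0'; p++) {
        if (*p < '0' || *p > '9')
            return false;                    /* digits only: no sign, space or suffix */
    }
    errno = 0;
    char *end = NULL;
    unsigned long value = strtoul(text, &end, 10);
    if (errno == ERANGE || end == text || *end != '\0')
        return false;                        /* overflow or partial parse */
    if (value < 1 || value > 65535)
        return false;                        /* 0 and anything above 16 bits rejected */
    *out = (unsigned)value;
    return true;
}

/* Convenience wrapper for callers that treat "no port" and "bad port" alike. */
unsigned port_or_zero(const char *text)
{
    unsigned p = 0;
    return parse_port(text, &p) ? p : 0;
}

/* The test table is written before the function body.  A naive atoi() based
 * version fails every rejecting row below; that failure is the point. */
struct port_case {
    const char *input;
    bool        accept;
    unsigned    expect;
};

static const struct port_case cases[] = {
    { "80",    true,  80    },
    { "65535", true,  65535 },
    { "1",     true,  1     },
    { "0",     false, 0     },               /* out of range */
    { "65536", false, 0     },               /* out of range */
    { "-1",    false, 0     },               /* atoi() would return -1 */
    { " 443",  false, 0     },               /* leading whitespace */
    { "80abc", false, 0     },               /* trailing garbage; atoi() returns 80 */
    { "",      false, 0     },
    { "99999999999999999999", false, 0 },    /* overflows unsigned long */
};

/* Run the table; returns the number of failing rows (0 means all green). */
int run_port_tests(void)
{
    int failures = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        unsigned got = 0;
        bool ok = parse_port(cases[i].input, &got);
        bool pass = (ok == cases[i].accept) && (!ok || got == cases[i].expect);
        if (!pass) {
            failures++;
            printf("FAIL: input \"%s\"\n", cases[i].input);
        }
    }
    return failures;
}

int main(void)
{
    int failures = run_port_tests();
    printf("%d failing test(s)\n", failures);
    return failures == 0 ? 0 : 1;
}
```

The table doubles as the module's specification: every input a caller could plausibly send, including the hostile ones, is pinned down before the implementation exists, and a later "simplification" that reintroduces atoi() fails loudly instead of silently accepting "80abc".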

Writing secure software also keeps hackers from exploiting vulnerabilities in the code. The CERT Top 10 Secure Coding Practices (Carnegie Mellon University, 2018) summarize how:

·        Validate all input from untrusted data sources

·        Compile code using the highest warning level available for your compiler, and fix the warnings rather than silencing them

·        Architect and design the code to enforce security policies

·        Keep the design as simple and small as possible

·        Default deny: base access decisions on permission rather than exclusion

·        Adhere to the principle of least privilege

·        Sanitize data sent to other systems

·        Practice defense in depth

·        Use effective quality assurance techniques

·        Adopt a secure coding standard
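
Several of the practices above (validate untrusted input, default deny, sanitize data sent to other systems, keep it simple) as an added example that is not part of the original article or the CERT page it draws from: a handler that serves a file named by an untrusted client, first as it is commonly written and then hardened. The function names build_path_unsafe, build_path_safe, sanitize_for_log, unsafe_accepts and safe_accepts, the DOCROOT value, and the three requests in main are all constructed for this example.

```c
/* Added example (hypothetical names): exclusion-based vs. default-deny file serving. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define DOCROOT      "/srv/www/public/"   /* constructed value for the example */
#define NAME_MAX_LEN 64
#define PATH_MAX_LEN 128

/* "Before": exclusion-based check plus unbounded copies.  The denylist only
 * knows about "../", so a bare ".." (which resolves to the parent of DOCROOT)
 * passes, and a name longer than the buffer overflows it. */
bool build_path_unsafe(const char *name, char *buf)
{
    if (strstr(name, "../") != NULL)
        return false;
    strcpy(buf, DOCROOT);
    strcat(buf, name);                     /* no length check at all */
    return true;
}

/* "After": default deny.  A name is accepted only if it is non-empty, fits the
 * limit, does not start with '.', consists solely of [A-Za-z0-9_.-], and the
 * joined path fits the destination buffer.  Everything else is refused. */
bool build_path_safe(const char *name, char *buf, size_t buflen)
{
    if (name == NULL)
        return false;
    size_t n = strlen(name);
    if (n == 0 || n > NAME_MAX_LEN || name[0] == '.')
        return false;                      /* blocks "", "..", and dot-files */
    for (size_t i = 0; i < n; i++) {
        char c = name[i];
        bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                  (c >= '0' && c <= '9') || c == '_' || c == '.' || c == '-';
        if (!ok)
            return false;                  /* '/', '\\', spaces, control bytes: refused */
    }
    int written = snprintf(buf, buflen, "%s%s", DOCROOT, name);
    return written > 0 && (size_t)written < buflen;   /* truncation is a failure */
}

/* Sanitize untrusted text before it reaches another system, here the log.
 * Control bytes (including CR/LF, which would let a client forge log lines)
 * become '?', and the output is bounded.  Returns the number of bytes replaced. */
int sanitize_for_log(const char *in, char *out, size_t outlen)
{
    int replaced = 0;
    size_t i = 0;
    for (; in[i] != '\0' && i + 1 < outlen; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c < 0x20 || c == 0x7f) {
            out[i] = '?';
            replaced++;
        } else {
            out[i] = (char)c;
        }
    }
    out[i] = '\0';
    return replaced;
}

/* Wrappers that answer "would this name be served?" for each version. */
bool unsafe_accepts(const char *name)
{
    char buf[PATH_MAX_LEN];                /* only safe for short names; see above */
    return build_path_unsafe(name, buf);
}

bool safe_accepts(const char *name)
{
    char buf[PATH_MAX_LEN];
    return build_path_safe(name, buf, sizeof buf);
}

int main(void)
{
    /* Constructed requests: one legitimate, two hostile (traversal, log forgery). */
    const char *requests[] = { "index.html", "..", "x\n127.0.0.1 admin login OK" };
    for (size_t i = 0; i < sizeof requests / sizeof requests[0]; i++) {
        char logged[PATH_MAX_LEN];
        sanitize_for_log(requests[i], logged, sizeof logged);
        printf("\"%s\": unsafe=%s safe=%s\n", logged,
               unsafe_accepts(requests[i]) ? "serve" : "refuse",
               safe_accepts(requests[i]) ? "serve" : "refuse");
    }
    return 0;
}
```

The hardened version is shorter to reason about than the denylist, which is the "keep it simple" point: instead of enumerating bad inputs, it states the one shape of input that is allowed and refuses everything else, and it fails closed when the result would not fit.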

Unfortunately, it is nearly impossible to write code that is entirely free of vulnerabilities. But by adopting policies and procedures that keep code bug-free and secure, many of those vulnerabilities can be prevented before the software ever ships, keeping data and systems safe from cybercriminals.

References

Carnegie Mellon University. (2018, May 2). Top 10 secure coding practices. SEI CERT Coding Standards wiki. Retrieved February 19, 2022, from https://wiki.sei.cmu.edu/confluence/display/seccode/Top+10+Secure+Coding+Practices

BairesDev. (2021, June 23). How to reduce bugs in software development. Retrieved February 19, 2022, from https://www.bairesdev.com/software-development/how-to-reduce-bugs/

Sachedina, F. (2019, December 2). Quality begins with code: 10 ways to reduce software bugs. Simple Programmer. Retrieved February 19, 2022, from https://simpleprogrammer.com/reduce-software-bugs-quality-code/

Temple-Raston, D. (2021, April 16). A 'worst nightmare' cyberattack: The untold story of the SolarWinds hack. NPR. Retrieved February 19, 2022, from https://www.npr.org/2021/04/16/985439655/a-worst-nightmare-cyberattack-the-untold-story-of-the-solarwinds-hack