7 Tips for Securing the Software Development Environment

Recent attacks have highlighted the need for organizations to pay closer attention to the hardware, software, and networks used in software development.

Jai Vijayan, Contributing Writer

August 24, 2021

8 Slides
Laptop floating in space

Already have an account?

ZinetroN via Shutterstock

The attack disclosed by SolarWinds last December and others like the one on Codecov earlier this year focused a lot of attention on how organizations can mitigate risks via the software supply chain. Considerably less attention has been paid, however, to how organizations can protect their own software development and testing environments against similar breaches.

As the attacks demonstrated, software development environments are an attractive target for threat actors. Protecting these environments is critical to reducing the risk of an attacker carrying out a variety of potentially different actions. This can include stealing encryption and access keys, passwords, and intellectual property, according to the UK National Cyber Security Centre (NCSC).

Other risks include attackers embedding malicious code into a development project, using a development system to attack the build and software deployment pipeline, and harvesting information on how sensitive applications work for use in future attacks, the NCSC has noted.

Following are seven tips for protecting your development environment and continuous integration/continuous development (CI/CD) pipeline against attacks and compromises.

About the Author

Jai Vijayan, Contributing Writer

Jai Vijayan, Contributing Writer

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

See more from Jai Vijayan, Contributing Writer
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars

Editor's Choice

A woman sitting at a laptop and holding a mobile device, the screens of both displaying a green check mark in a circle
Cyberattacks & Data Breaches
Researchers Crack Microsoft Azure MFA in an HourResearchers Crack Microsoft Azure MFA in an Hour
byElizabeth Montalbano, Contributing Writer
Dec 11, 2024
4 Min Read
The words "zero-day" written in a line of code on a computer screen
Application Security
Microsoft NTLM Zero-Day to Remain Unpatched Until AprilMicrosoft NTLM Zero-Day to Remain Unpatched Until April
byJai Vijayan, Contributing Writer
Dec 9, 2024
3 Min Read
A patchwork quilt
Application Security
Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch TuesdayMicrosoft Fixes Active Zero-Day, Critical RCEs on Patch Tuesday
byTara Seals, Managing Editor, News, Dark Reading
Dec 10, 2024
5 Min Read
Reports
More Reports
Webinars
More Webinars
White Papers
More Whitepapers