7 Tips for Securing the Software Development Environment7 Tips for Securing the Software Development Environment
Recent attacks have highlighted the need for organizations to pay closer attention to the hardware, software, and networks used in software development.
August 24, 2021
The attack disclosed by SolarWinds last December and others like the one on Codecov earlier this year focused a lot of attention on how organizations can mitigate risks via the software supply chain. Considerably less attention has been paid, however, to how organizations can protect their own software development and testing environments against similar breaches.
As the attacks demonstrated, software development environments are an attractive target for threat actors. Protecting these environments is critical to reducing the risk of an attacker carrying out a variety of potentially different actions. This can include stealing encryption and access keys, passwords, and intellectual property, according to the UK National Cyber Security Centre (NCSC).
Other risks include attackers embedding malicious code into a development project, using a development system to attack the build and software deployment pipeline, and harvesting information on how sensitive applications work for use in future attacks, the NCSC has noted.
Following are seven tips for protecting your development environment and continuous integration/continuous development (CI/CD) pipeline against attacks and compromises.
About the Author(s)
You May Also Like
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
The Burnout Breach: How employee burnout is emerging as the next frontier in cybersecurity
2022 Insurance Industry Cyber Threat Landscape Report
Building Immunity: The 2021 Healthcare and Pharmaceutical Industry Cyber Threat Landscape Report