Recent attacks have highlighted the need for organizations to pay closer attention to the hardware, software, and networks used in software development.


The attack disclosed by SolarWinds last December and others like the one on Codecov earlier this year focused a lot of attention on how organizations can mitigate risks that arrive via the software supply chain. Considerably less attention has been paid, however, to how organizations can protect their own software development and testing environments against similar breaches.

As the attacks demonstrated, software development environments are an attractive target for threat actors. Protecting these environments is critical to reducing the risk of an attacker stealing encryption and access keys, passwords, and intellectual property, according to the UK National Cyber Security Centre (NCSC).

Other risks include attackers embedding malicious code into a development project, using a development system to attack the build and software deployment pipeline, and harvesting information on how sensitive applications work for use in future attacks, the NCSC has noted.

Following are seven tips for protecting your development environment and continuous integration/continuous delivery (CI/CD) pipeline against attacks and compromises.

About the Author(s)

Jai Vijayan, Contributing Writer

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.
