Cybersecure Software Development has become a much bigger issue in the past 2 years than it has ever been.
The C-suite and the boards of corporations have become painfully aware of the issues corporations face when it comes to cyber security. We have had some spectacular breaches of security where the cyber criminals got off with a boatload of data which ultimately will be used to facilitate some form of crime.
The two forms of cyber crime mentioned above are well understood and corporations are doing their best to safeguard their networks and data.
One often overlooked aspect of the problem of how to safeguard data (whether it is customer data or proprietary firm data) arises in the context of outsourced software development.
Market research shows that more than 90% of companies use external sources to procure some or all of their software code (Forrester Research).
The software development operations of any company are an obvious target for corporate espionage. Since the code developed will ultimately be used to power business applications, any advance knowledge of such code provides a potentially significant strategic advantage to a competitor.
The practice of outsourcing software development is so widespread that it should be an absolute priority for corporations to implement a code of conduct to be followed by the outsourced software development team.
Obviously the implementation of such a code of conduct gets progressively more complicated when the provider resides in countries and jurisdictions which are more difficult to control from far away. Cultural differences and a general lack of awareness of the problem might complicate matters even further.
Nevertheless, market circumstances dictate that any responsible company make cybersecure software development a priority in its effort to fend off cyber crime.
One advantage when establishing a Cybersecure Software Environment is that the users of the environment are technically savvy and well aware of what it takes to safeguard their work.
Oftentimes it is the weakest link within an organization which opens the floodgates for a successful penetration of the network. The weakest link is sometimes as simple as an employee who is just not aware of cyber security protocols.
In theory, highly skilled developers, even those working in remote locations and faraway countries, should be able to comply with the steps needed to secure their development work. As such, it is one area of cyber security where the remedy is relatively easy to come by.
The issue might exist a bit under the "radar" at the senior level, but once attention is paid it might be a rather easy fix.