Page 36 - Informatics, October 2022
Technology Updates
Crowdsourcing
Software Security
Enhancing Security by Secure Code Collaboration amongst Developers
Edited by MOHAN DAS VISWAM
Software vulnerabilities are always on the rise. They may exist at any layer in the software, including the operating system, application server, database server, etc. If not addressed, they may get exploited, and organisation’s data may be breached, and in a worst case scenario, even a ransomware call may come up. As more and more government services go online, insecure web apps of important government services (G2B, B2G, G2C, C2G and G2G) can result in data theft, loss of confidentiality, financial losses, and service unavailability. The industry has come up with a plethora of tools and technologies to address these issues, but one of the cheapest and most economical ways is to develop a secure SDLC and write secure code.

Writing secure code in the Software Development Life Cycle (SDLC) phase and adapting to security by design should be a top priority for good developers. The benefit of secure code is that many of the potential exploits and attacks can be simply prevented by writing better and more secure code.

What is Secure Coding?

Secure coding, or secure programming, involves writing code in a high-level language that follows strict principles to prevent the potential vulnerabilities that could expose data or cause harm to a system. It is more than just writing, compiling, and releasing code into applications.

To fully embrace the phenomenon of secure coding, one needs to create a secure development environment that is built on a reliable and secure IT infrastructure using secure hardware, software, services, and service providers.

However, building secure software by writing secure code is easier said than done because the developers building the software normally have less idea of vulnerabilities, exploits, and remediation.

Secure software engineering, including secure coding concepts, is also not taught in the college. Moreover, in several organisations, both development and security teams may also be working in silos.

To address this problem of writing secure code, NIC has designed and developed a secure code crowdsourcing platform for exchanging secure code among the NIC developer community.

Crowdsourcing is the practice of obtaining information or input into a task or project by enlisting the services of a large number of people, either paid or unpaid, typically via the internet.

The sole purpose of this platform is to allow for the voluntary contribution of secure code snippets by NIC developers that may help other NIC developers in patching security vulnerabilities with ease that are found during the app audit process. NIC developers may use this platform to gather more information and best practices to be followed during the development of web or mobile apps.

This Secure Code Crowdsourcing platform can be accessed by the NIC developers using their Parichay credentials. (Link to the platform: https://x-seccode.nic.in)

Rajesh Mishra
Sr. Technical Director
mrajesh@nic.in

Anil Kumar Jha
Sr. Technical Director
aniljha@nic.in

Rohit K. Sharma
Scientist-C
rohit.kumar89@nic.in

