How Are Code Quality and Code Security Related?
Code quality and code security aren’t the same, but they’re closely related.
Many developers draw a distinction between code quality and code security. Traditionally, embedded development and QA teams focused on quality, as software defects in embedded devices can cause life-threatening consequences. By contrast, security was most often a concern with web and commercial applications that handle sensitive customer data.
However, because customers now rely heavily on interconnected web and embedded applications, all development teams should be addressing both code quality and code security.
Who Cares About Code Quality?
Every developer cares about software quality to an extent. Those who can’t write reliable code that consistently produces the intended results will struggle to stay employed. But that doesn’t mean every developer should approach quality in the same way.
Software quality is not optional for embedded developers who write code that will drive cars and operate machinery. Web and commercial application developers have always needed to write stable code, but minor bugs used to be less consequential.
However, as organizations increasingly rely on web applications to automate business processes and process large datasets, the repercussions of production outages or malfunctioning software have become more severe. Web application developers are under increasing pressure to deliver clean software that produces intended outcomes for the customers that depend on their products.
Does this mean that web application and embedded developers should treat code quality the same way? Probably not. Regardless, web application developers cannot ignore the business risks of delivering unreliable software.
Who Cares About Code Security?
Web applications provide a portal through network firewalls, allowing attackers to access sensitive information by exploiting software vulnerabilities. For this reason, most web application developers use application security testing technologies to test their code for common security weaknesses.
Traditionally, the embedded market wasn’t as concerned with software security. Instead, embedded developers focused more on quality defects that could cause reliability or functionality issues. This focus has changed with the growth of the Internet of Things (IoT). Now that most embedded devices are connected to the Internet, they are also connected to malicious actors. Embedded developers must understand and respond to the potential security implications of building software in connected devices.
Those who don’t think the security threats to embedded devices are real should look to 2015, when two security researchers hacked into a moving Jeep, leading Chrysler to recall 1.4 million vehicles.
Again, this doesn’t mean web application and embedded developers should treat software vulnerabilities the same way. Different kinds of software pose different risks. However, this does mean every developer should be checking their code for security issues.
Published at DZone with permission of Charlie Klein.