Secure Coding for Application Security: What the Golden State Warriors Are Teaching Us
What if Application Security and what the GS Warriors have been achieving in the past 5 years could, somehow, relate to each other?
Picture this: Stephen Curry and his teammates have been achieving and over-achieving in the last two years, setting new records one after another. What if we could take the recipe of their success and use it within application security?
Who would have thought, back then, that Stephen Curry would turn out to be the player he is today? The same goes for Klay Thompson and Draymond Green, among others. Golden State could see the potential in those players, decided to be patient with their development, and made long-term plans instead of short-term ones. As a result… they are the team they are today.
When it comes down to application security… the top companies out there started to follow the same process, by improving their foundations as well. Oracle, for example, has a large-scale educational program in place to teach secure coding practices to their software professionals (engineers, testers, managers…).
More and more companies around the world are now engaging with us in order to educate all of their software engineers on secure coding practices. What they tell us is in line with what the Warriors have put in place…
Golden State being THAT good is due to the fact that when facing them… you have to compete against a whole team that is heading towards the same goal.
Application security is no different. It takes a company-wide effort in order to achieve top security… from your junior software engineer to your most experienced security architects.
Training is Essential…
The top players train the most… and so do the best companies. The organizations with the best security are those who invest the most in security, and security training. They also recognize how cheap training is, and how big the ROI is. On top of that, you grow the skills of your employees, retain them, and become better as a whole.
Be a Game-Changer
For the basketball lovers out there… You know perfectly well that the Warriors have changed the game. They don’t have Karl Malone, or good old O’Neal… They have Small Ball. A clear revolution that is shaping the game of tomorrow.
Why not apply the same in application security? Why are some companies now actively seeking secure coding education while others keep protecting themselves in a “post-traumatic” manner? Why wait for a security breach to happen, and suffer from the costs afterwards (recovery… loss of reputation…)?
CHANGE THE GAME, be proactive, secure your foundations.
Think Long Term
Bulls… Lakers… Celtics… and now most probably the Warriors. Those are most definitely the best teams in history. Why? Just because they were long-term thinkers!
Application security is not just something you do today, and give up on in the future.
Application security is a continuous plan. You do not teach secure coding to 10 of your engineers and then throw a prayer in the air hoping you will stay out of trouble. Secure Coding will be 100% effective the day all of your programmers apply it in their daily work, taking away lots and lots of constraints on other IT professionals in your company.
Great Players Never Won Alone
Michael Jordan, Scottie Pippen, Dennis Rodman
Sam Jones, Bill Russell, John Havlicek
Magic Johnson, Kareem Abdul-Jabbar, James Worthy
Larry Bird, Robert Parish, Kevin McHale
Stephen Curry, Klay Thompson, Draymond Green
No matter how great you are, you can NEVER win alone. The same applies to secure coding… If taught to only a few individuals, you WILL still be facing the same challenges.
The next time you think about Application Security, make sure Secure Coding comes to the table. It is not the answer to everything, but it is what will give you the best possible foundations, and the fewest headaches.