Matt Behrens has a quick-read article on what he calls ‘security hygiene’ over on the Atomic Object blog. These are basic tips for software-minded developers and coders. From VPN advice to password management (a constant topic of concern, no doubt) to software sources and disk encryption, these tips are both useful and extremely practical. Most of them you can implement right now, or at the very least you should keep them in mind going forward as you develop and deploy (and frankly, regular users should be made aware of these topics as well).
As software makers, we face a unique threat model. The computers or accounts we use to develop and deliver software are of more value to an attacker than what ordinary computer users have—cloud service keys can be stolen and used for profit, and the software we ship can be loaded with malware without our knowledge. And that’s before we consider that the code we write has a tremendous value of its own and should be protected.
Taking responsibility for our security hygiene is, thankfully, not very difficult. Today, most tools we need are either already present in our operating systems or can be added without much effort. In this post, I’ll take you down a list of things you should consider.