Coding in the open security considerations

[jbjonesjr]

https://www.gov.uk/government/publications/open-source-guidance/security-considerations-when-coding-in-the-open

• Open the code early
• Don’t rely on closed code as your only security measure
• Follow good development practices
• Keep keys and credentials closed
• Assume accidental publications are compromised
• Deal with security vulnerabilities

GDS code review style: https://github.com/alphagov/styleguides/blob/master/pull-requests.md Brakeman for static code analysis: http://brakemanscanner.org/ GitRob to review code at a single point in time: https://github.com/michenriksen/gitrob Talisman to review changes before they are committed: https://github.com/thoughtworks/talisman

[jbjonesjr]

Developer centered security: https://www.ncsc.gov.uk/blog-post/developers-need-help-too