Image Credit
A big change is starting to happen in the world of IT. Just a few years ago, IT shops everywhere were busy trying to outsource just about every task that they could put their hands on. What’s happened since then is that CIOs have realized importance of information technology and that the ability to create custom code that will allow their company to move quicker and do more is something that has to be done in-house. There’s a problem however, IT shops are cranking out bad code…
The Problem With The Code That We’re Writing
So what’s the problem here? A software analysis company called Cast Software recently conducted a study in which they took a look at the structural quality of business application software that IT departments are producing. What they found is that the back office applications that we’ve always used appear to be pretty secure. However, the customer-facing applications that we’ve been turning out have issues that could cause either security problems or even outages.
The reason that our back office applications are doing ok is pretty straightforward. These applications sit on servers that are connected to few other systems. This means that there are fewer opportunities for software holes or gaps to show up. Generally speaking, we’ve had a lot of time to make these types of applications secure.
The newer applications that are being created in order to interface with customers are being written in newer languages. Unlike the COBOL language that was used to create many of the back office applications, these newer languages are still going through growing pains and may have security holes built into them. Additionally, a single application may have components that are written in multiple languages and this can further introduce security issues.
How To Fix The Bad Code Problem
You may be facing a situation where your IT shop is producing bad code. What’s a CIO to do? This is a case where you are going to have to take charge. It’s entirely possible that your IT team doesn’t realize that they have a problem and so it’s going to be up to you to educate them and show them how the problem can be fixed.
Since you have the CIO job, you need to realize that your developers were never taught how to create secure applications. This just isn’t taught in schools. It’s going to be up to you to show your teams what they need to be doing when they are writing code.
You are going to have to set up educational programs that will teach your developers about the common known design weaknesses that hackers use and show them how to avoid them when they are building applications. One free resource that can be used is the Common Weakness Enumeration website which provides a checklist of security holes.
Once the education process is done, two types of analysis need to be performed. A static analysis will allow the team to look at the entire structure of the application. A dynamic analysis will then allow them to run the code and search for performance issues.
What All Of This Means For You
As CIO you are responsible for everything that your IT department produces. That means that the quality of the code that your teams are producing will have your name on it. Are they doing a good job?
It turns out that recent studies have shown that a great deal of the customer facing code that is being written has big problems. Due to the languages that are being used, the interfaces that the software has, etc. there are major security holes in our code. If we don’t take the time to learn how to write secure code, then your time in the CIO position may turn out to be very short.
The good news is that this is a solvable problem. By taking the time to get your IT development teams trained about what not to do, you can save yourself and your company a lot of grief. Take action today and make sure that the code that you’ll be proud of is the code that they will be producing tomorrow.
– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™
Question For You: What’s the best way to check the security of the code that your IT teams are producing?
Click here to get automatic updates when The Accidental Successful CIO Blog is updated.
P.S.: Free subscriptions to The Accidental Successful CIO Newsletter are now available. Learn what you need to know to do the job. Subscribe now: Click Here!
What We’ll Be Talking About Next Time
The era of big data has arrived. CIOs everywhere are swimming in a sea of data and only now are they starting to get the tools that will allow them to make sense of what they have. It turns out that there is another problem that has arrived at the same time and right now there is not a clear answer to how best to deal with it: how to back up all of that data.