As a security expert, I am constantly checking my own mindset, and today I had a few thoughts about our development process guidelines. When the dev team writes something new (a feature, an app, an endpoint) or fixes a bug, I ask them to answer two questions before deployment: Does it work? Is it secure? That way, every time we deploy, we should have the best security.
Our brain acts like the president's spokesman: no matter what we did, it will try to excuse it. Or, in plain English, we all suffer from confirmation bias.
So every time the developers got to the second question, the answer was always: of course it is secure.
To avoid the confirmation bias, I asked them to answer just one question instead: Does it work securely? Now I have tied "working" to the security mindset, so if it is not secure, it is not working, and the process is a little bit more secure.
We should always remember: "Security is baked in, not sprinkled out."