Importance of Source Code Management
The article below highlights a very interesting risk associated with Source Code Management.
This is not the first time that a developer has purposely made changes to code which have caused issues with service availability and/or data integrity.
What sets these 2 issues apart from supply-chain vulnerabilities such as the recent SolarWinds issue is that, rather than a 3rd party compromising the source code used in a product, in the above two cases it is the code owners themselves who have purposely made destructive changes.
Key to my message is the criticality of source code management, coupled with testing (e.g. auto-regression testing as part of CI/CD). It speaks strongly to the importance of careful analysis of code/package inheritance, especially when working with open-source projects and code.
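To make the "careful analysis of code/package inheritance" point concrete, here is an added example (not code from the original post) of the kind of gate a CI pipeline can run before an install result is promoted: it flags direct dependencies declared with floating version ranges, and diffs two lockfile snapshots so that an upstream release that changes a version, replaces the artifact behind an unchanged version, or pulls in a new transitive package fails the build instead of reaching production. All package names, versions and integrity hashes below are constructed for illustration.

```python
"""Added example: flag floating version ranges in a manifest and compare two
lockfile snapshots for version / integrity drift before deployment.
All sample data is constructed inline (hypothetical names and hashes)."""
import re

# Constructed sample manifest: the application's declared direct dependencies.
MANIFEST = {
    "dependencies": {
        "widget-lib": "^1.4.0",   # caret range: resolves to any 1.x release
        "ipc-client": "9.2.1",    # exact pin
        "util-core":  "*",        # accepts anything published
    }
}

# Constructed lockfile snapshots, as a CI job might capture before and after an install.
LOCK_BEFORE = {
    "widget-lib": {"version": "1.4.0",  "integrity": "sha512-AAAA"},
    "ipc-client": {"version": "9.2.1",  "integrity": "sha512-BBBB"},
    "util-core":  {"version": "2.0.0",  "integrity": "sha512-CCCC"},
}
LOCK_AFTER = {
    "widget-lib": {"version": "1.4.44", "integrity": "sha512-ZZZZ"},  # upstream bumped
    "ipc-client": {"version": "9.2.1",  "integrity": "sha512-BBBB"},  # unchanged
    "util-core":  {"version": "2.0.0",  "integrity": "sha512-DDDD"},  # same version, new hash
    "new-helper": {"version": "0.1.0",  "integrity": "sha512-EEEE"},  # appeared transitively
}

# A spec is treated as pinned only if it names exactly one release (major.minor.patch).
PINNED = re.compile(r"^\d+\.\d+\.\d+$")


def floating_specs(manifest):
    """Return direct dependencies whose version spec can resolve to more than one release."""
    return sorted(name for name, spec in manifest["dependencies"].items()
                  if not PINNED.match(spec.strip()))


def lock_drift(before, after):
    """Compare two lockfile snapshots and report every way the resolved tree moved."""
    report = {"added": [], "removed": [], "version_changed": [], "integrity_changed": []}
    for name in sorted(set(before) | set(after)):
        if name not in before:
            report["added"].append(name)
        elif name not in after:
            report["removed"].append(name)
        elif before[name]["version"] != after[name]["version"]:
            report["version_changed"].append((name, before[name]["version"], after[name]["version"]))
        elif before[name]["integrity"] != after[name]["integrity"]:
            # Same version string but different content hash: the published
            # artifact was replaced in place, which deserves a hard stop.
            report["integrity_changed"].append(name)
    return report


def ci_gate(manifest, before, after):
    """Return (ok, findings); ok is False when anything would change what gets deployed."""
    findings = [f"unpinned: {name} = {manifest['dependencies'][name]!r}"
                for name in floating_specs(manifest)]
    drift = lock_drift(before, after)
    findings += [f"version drift: {n} {old} -> {new}" for n, old, new in drift["version_changed"]]
    findings += [f"integrity changed at same version: {n}" for n in drift["integrity_changed"]]
    findings += [f"new transitive package: {n}" for n in drift["added"]]
    findings += [f"package removed: {n}" for n in drift["removed"]]
    return (len(findings) == 0, findings)


if __name__ == "__main__":
    ok, findings = ci_gate(MANIFEST, LOCK_BEFORE, LOCK_AFTER)
    print("PASS" if ok else "FAIL")
    for finding in findings:
        print(" -", finding)
```

Run on the constructed data the gate fails with five findings: two unpinned ranges, one version bump, one artifact replaced under an unchanged version, and one new transitive package. The integrity check is the one worth keeping even where floating ranges are tolerated, since a hash that changes under the same version number cannot be explained by a normal release.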
Fun Reading ...
If you've not read the following article, then when you've a few minutes and a nice fresh coffee I'd strongly (like my cheeky use of the HTML <strong> tag there) recommend reading https://users.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf
Written in 1984, it resonates as strongly today as it did when I first read it in the late 80s / early 90s!!!
Original Post
This post was originally authored on my personal site, you can see it at https://blog.dtc.ninja/wp/2022/03/18/importance-of-source-code-management/
Sadly not the first example of this. I recall an example some time ago of a source code owner of some considerably well adopted libraries pulling access, causing massive challenges. Great article my friend, definitely more than simple food for thought!
GRC - IT AUDIT & Security
2 years
Andrew Barnes Thanks for sharing. Interesting.