We all use software programs to accomplish various tasks. We've discussed in a past blog post conducting cyber evaluations before trusting new software products, but what if you are the one writing the software product?
There are common standards for secure software development. For example, there is something called the OWASP Top Ten (https://owasp.org/www-project-top-ten/). This list provides awareness of the most common and most severe issues that occur in software. It is good to be familiar with the items listed and to ensure your code does not fall victim to these common issues.
Just as it is vital to review new software, it is also vital to evaluate libraries before you start using them. While many libraries offer excellent content that the authors simply want to share with the world, there are still nefarious people who distribute libraries that carry malware.
Dependencies are a big issue with software libraries. Sometimes you think you are installing one thing without realizing that a number of other packages were also installed for the library to work. Review dependencies and evaluate the risks before moving forward with bringing in libraries. Code reviews are another relatively easy step. There are many different tools that will scan code looking for errors. The tools are not just for security; they can also help improve how the code works.
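To make the dependency point concrete, here is an added example (not code from the original post) that expands the full set of packages a single install would pull in. The `METADATA` table is constructed for illustration and stands in for what a package manager reports (for instance the "Requires:" lines of `pip show`, or a lock file); the package names in it are made up.

```python
"""Expand the transitive dependency closure of the packages you asked for.

Constructed example: METADATA maps each package to the packages it requires,
the way a lock file or `pip show` output would. Names are illustrative only.
"""
from collections import deque

# Constructed metadata: package -> list of packages it requires.
METADATA = {
    "reportgen": ["httpclient", "templating"],
    "httpclient": ["urlparse", "tlswrap"],
    "tlswrap": ["certstore"],
    "templating": ["markupsafe-ish"],
    "urlparse": [],
    "certstore": [],
    "markupsafe-ish": [],
}


def transitive_dependencies(requested, metadata):
    """Return a dict mapping every package that would be installed to the
    chain (list of names) through which it was pulled in.

    Breadth-first walk; a package already seen is skipped, which also keeps
    dependency cycles from looping forever."""
    chains = {}
    queue = deque((name, [name]) for name in requested)
    while queue:
        pkg, chain = queue.popleft()
        if pkg in chains:
            continue
        chains[pkg] = chain
        for dep in metadata.get(pkg, []):
            if dep not in chains:
                queue.append((dep, chain + [dep]))
    return chains


def unrequested(requested, metadata):
    """Packages that end up installed although you never asked for them."""
    closure = transitive_dependencies(requested, metadata)
    wanted = set(requested)
    return sorted(p for p in closure if p not in wanted)


def missing_metadata(requested, metadata):
    """Packages reached in the closure for which no metadata is available.

    You cannot evaluate the risk of a dependency you cannot even describe,
    so these deserve a closer look before installing."""
    closure = transitive_dependencies(requested, metadata)
    return sorted(p for p in closure if p not in metadata)


def dependency_report(requested, metadata):
    """Human-readable listing: one line per package with its pull-in chain."""
    closure = transitive_dependencies(requested, metadata)
    lines = []
    for pkg in sorted(closure):
        chain = closure[pkg]
        marker = "" if pkg in requested else "  (transitive)"
        lines.append(f"{pkg:<16} via {' -> '.join(chain)}{marker}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(dependency_report(["reportgen"], METADATA))
    print("pulled in without being requested:",
          unrequested(["reportgen"], METADATA))
    print("no metadata available for:",
          missing_metadata(["reportgen"], METADATA))
```

Asking for the one package `reportgen` installs seven; the chain shown for each transitive package tells you which direct dependency is responsible, which is the starting point for deciding whether that subtree is worth the risk.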
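As an added illustration of what code-scanning tools do (this is example code, not from the original post or any particular tool), the following walks a Python file's syntax tree and flags a small constructed set of risky call patterns. Real scanners carry far larger rule sets and more context-sensitive checks; the `SAMPLE` source and the rule table are both constructed here.

```python
"""Minimal static scan of Python source for a few risky call patterns.

Constructed illustration of how code-scanning tools work: parse the source
into an AST, walk every call expression, and match it against a rule table.
"""
import ast

# Constructed rule table: fully qualified call name -> why it is flagged.
RISKY_CALLS = {
    "eval": "arbitrary code execution from a string",
    "exec": "arbitrary code execution from a string",
    "pickle.loads": "deserializing untrusted data",
}


def _call_name(node):
    """Return 'name' or 'module.attr' for a Call node, else None."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return None


def scan_source(source, filename="<string>"):
    """Return sorted (line, call, reason) findings for the given source."""
    findings = []
    tree = ast.parse(source, filename=filename)
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name in RISKY_CALLS:
            findings.append((node.lineno, name, RISKY_CALLS[name]))
        # Any subprocess.* call with shell=True hands its input to a shell.
        if name and name.startswith("subprocess."):
            for kw in node.keywords:
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    findings.append((node.lineno, name,
                                     "shell=True passes input through a shell"))
    return sorted(findings)


# Constructed sample file to scan; line numbers matter for the report.
SAMPLE = "\n".join([
    "import subprocess, pickle",           # line 1
    "def run(cmd):",                       # line 2
    "    return subprocess.run(cmd, shell=True)",  # line 3: flagged
    "def load(blob):",                     # line 4
    "    return pickle.loads(blob)",       # line 5: flagged
    "def dump(obj):",                      # line 6
    "    return pickle.dumps(obj)",        # line 7: not flagged
    "x = eval('1+1')",                     # line 8: flagged
])


def format_findings(findings, filename="sample.py"):
    return "\n".join(f"{filename}:{line}: {call}: {reason}"
                     for line, call, reason in findings)


if __name__ == "__main__":
    print(format_findings(scan_source(SAMPLE)))
```

Each finding carries the line number and the reason, which is the shape a reviewer needs: the tool points at the spot, and a human decides whether the input really is untrusted and what to change. The same structure (parse, walk, match rules) is how a scanner finds plain correctness problems too, not only security ones.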