You want security? You have to ask for it

I know at Freshleaf we’re a bit guilty of going on (and on) about website and application security, code quality, and the consequences of leaving online data protection to chance. We treat security as a default requirement. But I spotted this article recently that highlighted how often security is overlooked, even by professional developers.

In a study in 2018, researchers in Germany used to hire 43 professional developers and tasked them with developing the user registration part of a fictitious social networking site. Storing and authenticating user credentials is a common task for developers. And storage of sensitive details such as passwords is just one area where – one might think – security would be considered essential. The research expanded on a similar study the previous year where students were asked to complete a similar task.

Somewhat depressingly, neither the students nor the professionals routinely implemented secure password storage unless explicitly requested; and even then, the attempts at securing the passwords were frequently inadequate. Interviews after the tasks confirmed that – at least for the developers in the study – security was a distant second to functionality in terms of priorities.

Now, grabbing the first 40-odd bids on will not necessarily net you the most experienced or conscientious pool of developers. But it does highlight the fact that – even in areas where it is manifestly required – security is NOT necessarily a default. So if you're in the position of planning or commissioning any kind of development project – whether it’s the company website or the next Facebook – security needs to be right up there at the top of your requirements list.
