If You Are A Programmer Is Your Source Code Repository Safe?

When people think of programmers, they have one of two different perceptions. They either think programmers are brilliant geniuses with skills that are beyond this world, or they think that what programmers do is no big deal. They do not realize the complexity of the work and they think things can be done in a simple manner. Neither of these perceptions is true. Not everyone can be a programmer, but it is not as hard as people think it is. Sure, there are some levels of programming that you have to be a genius to take on, but that is not the case with all of programming. The ability to create software that can decode a genome is quite different from the ability to create a basic web page. And that goes to the other point as well. Just because you can type a couple of things in Notepad and some images pop up on a web page does not mean that you know how to program or that it is easy. To become a professional in the field is hard work.

But even the professionals in the field need the right tools to be able to get the job done. If you are in the field long enough, then you start to know what those tools are. A popular tool for professional and hobbyist programmers alike is the version control system. It allows you to take the source code you are writing and place it in a sort of backup folder. That is a really simple way to look at it, but basically that is what you are doing: backing up the source code that you write so that you can be sure that you can go back to it any time you need to. And that is what makes the software special. You can go back to any save point from any time you were building the software. You can take that point and do what is called either branching or forking, depending on what version control software you are using. Once it has been forked, you can take the code from that particular point and create something different from what you were working on. It can be something completely different or maybe just have minor changes. Once it is done, you can then merge the two versions together to create one project.

How most people use versioning control software

Now, when you are using version control software, you can choose to host the backup on another part of your computer. Or you can have a special hard drive that is dedicated to the task. That is not what most programmers choose to do. Most of the time, programmers will host the software that they are creating on a remote server on the internet. Or, if it is a large corporation, they might choose an intranet instead. When they upload the files to the server, they can host them either on a private web site that they run or on one of the many popular services that are out there. One of the more popular services is a web site called GitHub. Once the code is stored on these servers, you can then choose to make it private or public. And that is where the security concerns come into play.

Security problems with public facing source code

When a programmer chooses to make code public, that usually means it is most likely open source software. That means if a third party is able to change the source code that is in the repository, they can potentially release a piece of malware that can infect all of the people who use that software. The person in charge has to allow you to commit to the project, but a black hat hacker could easily design a hack that looks reasonable to the person in charge of the project but in reality is a serious concern. Any backdoor into the project could lead to problems. If the project lead does not allow a particular piece of source code to go into the system, the black hat hacker can just read the source code itself and find ways to attack it when it is installed on their potential victim's servers.

While this is a problem with open source software, closed source software has its problems as well. At least with the open source community you have many eyes looking at the software, which means the problem can be fixed sooner rather than later.

When you are a programmer you must make sure that the server system you use to check your code in is safe. If you do not secure your servers you will find that your source code might not end up as secure as you thought it to be.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
