Secure Coding Practices

The cluster discusses why developers often write insecure code, debates on whether security should be handled by languages/frameworks or individual programmers, and criticisms of normalizing poor security practices in software development.

➡️ Stable 0.8x Security

5,297

Comments

Years Active

Top Authors

#7209

Topic ID

Activity Over Time

2007

2008

2009

2010

2011

135

2012

183

2013

231

2014

270

2015

283

2016

356

2017

404

2018

282

2019

345

2020

363

2021

480

2022

393

2023

374

2024

433

2025

539

2026

Top Contributors

tptacek (102) pjmlp (42) nickpsecurity (25) pixl97 (23) eropple (19)

Keywords

akashasec.com AI UX L4 WP MSVC6 TCP OS NotPetya API security code software developers secure practices write coders insecure coding

Sample Comments

tonetegeatinst • Aug 25, 2024 • View on HN

Because developers don't always consider the security aspect. Not saying this is what he's doing but could also just be due to how complex good software can be to write.Their is a reason cybersecurity or UI/UX or product design isn't always left to the developer. The coder write code that fits certain criteria they are given, then someone down the line might QA check it, fuzz inputs or security review the code. How well this is done depends on the product,market, and envir

friendlydog • Jan 20, 2022 • View on HN

I've seen lots of "experts" write really insecure code. While it is certainly possible someone did this maliciously. Devs often don't understand the code they write and repeat until they get something that "works" and call it good. With an app that touts security I would hope for better.

lawnchair_larry • May 4, 2017 • View on HN

Nope, you've got it backwards :) If you really want security, it's something that no programmer should have to think about. Your language/framework/platform/API has to provide it for free. Trying to make every developer a security expert is a laughable proposition. That's my conclusion after 15 years in the security industry.

gkya • Feb 7, 2018 • View on HN

This is fun and all, but if the message that this tries to pass along is "don't bother with proper security because it's very hard/impossible, do your best and ship, you can always fix your code", than that's bullshit. Secure coding is possible and is our responsability when we are writing code that others are meant to use somehow, and if most of the devs lack the formation in secure coding and if many companies don't ensure the code is secure to some standard

thedevilslawyer • Jul 30, 2025 • View on HN

Nothing fair about making software insecure. Don't normalise it.

dhugiaskmak • Mar 2, 2014 • View on HN

"Never write your own security code, because you'll get it wrong. Leave it to the smart people."

jacquesm • Mar 14, 2015 • View on HN

Yes, everybody always assumes that the code is secure. That's the root cause of the problem.

devwastaken • Apr 11, 2019 • View on HN

That's an unreasonable expectation. Security is not left to bug fixes. It is a skill developed by overall knowledge of the domain, and an explicit intent to be conscious of how what you write can be misused.If someone can scan your repo for a problem this quickly, then youre not designing secure software, and that should be posted front and center at the top of the repo given that wasms entire purpose is machine independent code that is properly sandboxed from exploitation.

verdverm • Aug 23, 2021 • View on HN

For non copilot, the words around the code found on stack overflow or a blog post may indicate the lack of correct security, which would be a signal to a developer that they need to consider something further.

nanodano • Oct 28, 2017 • View on HN

Most developers don't know securityhttp://www.akashasec.com/most-developers-dont-know-security/