Source Code Security Management for the Software and Embedded R&D Industry: A Summary

Source: Internet
Author: User

Analysis of the current situation in the software and embedded R&D industry:

In the software development and embedded R&D industry, the core asset is usually the source code, so managing it well is crucial. This article discusses only the security management of source code. Practitioners in software development and embedded R&D typically have the following characteristics:

1. They are highly educated, very smart, and understand computers very well.

2. Every developer can write programs, including programs that transform data into other forms. Examples: file read and write (output logs), socket communication, memory mapping, resident services, and so on. For web developers, transforming code through a web server such as IIS or Tomcat is even easier.

3. Researchers tend to have strong personalities and are harder to manage.

The nature of the software development and embedded industry requires that R&D results, that is, source code, be managed securely. But the real working environment has these requirements:

- There must be a local area network so that people can work together;

- Internet access is needed to look up information;

- USB ports and other ports must be available to connect external devices for debugging.

Some businesses adopt management isolation, some use virtualization, and some use document-level encryption software or monitoring software, but these are basically for show. For example, a common form of physical isolation is to disconnect the internal network from the external network and then disable the use of u

-- Where USB drives are disabled by software, that is trivial to get around: take a USB PE boot disk and boot directly from the USB drive, which bypasses the operating system's controls entirely.

-- The network cable from the wall socket can be plugged directly into a personal laptop for data transfer.

-- For embedded debugging environments where the USB or serial ports cannot be sealed, it is even simpler: data can be written out directly through the USB or serial port.

......

Virtualization, with all data kept on the server side, looks perfect, but as long as the external network and peripherals are available there is basically no security.

As the information security manager of a software or embedded R&D company, what should you do?

Key points of code management for development teams:

First important point: you must set up a source code version management server

Regardless of the size of the R&D team, a source code version management server is very important. Do not skip the source control server for the sake of convenience just because the team is small. A source control server not only tracks history but also improves team collaboration and product quality. Common source code version management servers at present include SVN, VSS, CVS, Git, and so on.

With a source code version management server, you can standardize the development process.

  1. Each developer must commit source code that compiles to the version server every day, so that the code cannot be lost if the developer's workstation fails. Comments are mandatory, not only in the code itself but also in the commit message when updating SVN.

  2. When releasing a version, you must check out the complete code from SVN, compile it, and release that build. No employee is allowed to release a software version directly from their own computer.

  3. The version server must enforce strict access control on project directories. Directories an employee does not need must not be opened to that employee.

  4. Computers with the SDC sandbox client can download code from this source code version server and update it. And once the SDC

  5. The server is physically kept in the machine room or the boss's office so that employees have no direct contact with it. Take back the operating system accounts.
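One way to check item 3 on an SVN server is to audit the path-based authorization file. The following is an added example, not part of the original article: it handles a simplified subset of the Subversion authz format (single repository, no aliases, nested groups, or `~` / `$` tokens), and the users, groups, and paths are constructed.

```python
import configparser

# Constructed sample authz file: one repository, two teams.
SAMPLE_AUTHZ = """
[groups]
core = alice, bob
app = carol, dave

[/]
* = r

[/trunk/core]
* =
@core = rw

[/trunk/app]
@app = rw
"""

def load(text):
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep user and group names case-sensitive
    cp.read_string(text)
    return cp

def members(cp):
    """Map each group name to its list of users (nested groups not handled)."""
    return {g: [m.strip() for m in v.split(",")] for g, v in cp["groups"].items()}

def effective_access(cp, user, path):
    """Return '', 'r' or 'rw': the deepest section with a rule matching the user wins."""
    names = {user, "*"} | {"@" + g for g, ms in members(cp).items() if user in ms}
    parts = [p for p in path.split("/") if p]
    while True:
        section = "/" + "/".join(parts)
        if cp.has_section(section):
            matched = [cp[section][k].strip() for k in cp[section] if k in names]
            if matched:  # rules matching in one section combine: keep the widest
                return max(matched, key=len)
        if not parts:
            return ""
        parts.pop()

def audit(cp, path):
    """List sections that grant '*' any access, and every user who can read `path`."""
    wide = [s for s in cp.sections() if s != "groups" and cp[s].get("*", "").strip()]
    users = sorted({u for ms in members(cp).values() for u in ms})
    return wide, [u for u in users if effective_access(cp, u, path)]
```

In the sample, the `* = r` rule on `/` makes every directory without its own override readable by all users, which is why `/trunk/core` needs the explicit `* =` line to keep the app team out.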

Second important point: build security into your design

  1. Design work must not be skipped. The design must be modular, with clear interfaces between modules. Core module code is best built as a library, so that developers do not touch the core code directly and no single developer holds the complete code, which reduces the risk of leaks.

  2. To effectively prevent decompilation, key module code is best written in C++.

Third important point: daily code security management

Any development project basically has several basic stages: design, programming, testing, release, and so on.

1. In the design / programming phase, build an SDC sandbox security environment around SVN. SDC

2. SDC SDC

3. In the product release stage, a release must go through outbound approval before it can be released. If you have the capability, it is recommended to build a web-only automatic compilation / publishing server.

In addition, other considerations:

4. Development norms and procedures must be strictly followed so that every employee is security-aware, for example locking the screen when leaving the computer.

5. The SDC sandbox client is deployed on the development computers so that code is written inside the classified sandbox; anyone who needs to go online does so from the sandbox. (Encryption inside the sandbox is transparent and does not affect compiling or debugging, and no kind of data transformation can escape the sandbox.)

6. When accessing the Internet to search for information, data can only come in, not go out.

7. When using instant chat tools such as QQ, data can only come in, not go out, and screenshots are blocked.

8. To take data outside, it must go through outbound approval.

Fourth important point: make full use of the SDC sandbox's features

SDC Sandbox is a complete source code security solution. In addition to the standard anti-leak functions, it has behavior monitoring and warning functions such as print content monitoring, Internet content monitoring, peripheral data communication monitoring, user behavior analysis, screen monitoring, anti-screenshot, and anti-photography. Using all of these functions can greatly improve the security of source code. For details, see the SDC Sandbox official website, www.shenxinda.com.

