Source code security: a checklist for managers

Abstract

Although computer security is usually thought of as data security, the protection of the executable software which creates and maintains that data is an equally important aspect of security. This article will describe the general principles for securing source code integrity in the computer services department of a medium to large size organization. It is addressed to the EDP manager, auditor, or user who has primary administrative, rather than technical, responsibility for the security of such code. My treatment of these issues will inevitably reflect my own primary experience of them, which has been with mainframe batch data processing applications. But the underlying principles of source code security are the same for all types of software, whether batch, interactive, or micro. Accordingly, I may hope that my discussion of these problems will be of some use also to those who must manage other types of data processing.