How Indie Development Studios Are Making Their Systems Safer
Indie development studios have been around for a long time, from games to software, to even operating systems. These programs often show a great deal of love and care throughout their systems as the development team is very small, possibly even limited to a single person who takes on the project by themselves. Because of this, the solutions they work on are often focused in areas that larger studios and companies don’t look into, be that for personal use cases or to fulfill a niche. Regardless of the reason, the detail and work put in by indie developers is the reason why the “indie” tag is very well known and potentially a selling point for some people.
However, working with a small team or studio can be a much more difficult task than working alongside a large development team. Within a large team, tasks can be broken down much more easily, distributed and enacted, meaning that solutions can be tested, bug fixed and corrected much faster with a team of thirty than it can with a team of four. This becomes a concern when security is involved, as an indie team or developer will likely have less time and therefore be unable to do as many security tests as large teams. Indie teams are finding new ways to work more closely with safety and security, so read on to see the methods indie developers use today.
Changing The Way They Develop
Many development studios, small and large, are changing the way they work and develop solutions and projects. Teams are moving away from the simple agile or scrum methods and are instead looking into DevSecOps, a development method that aims to shorten the system development life cycle and instead provide constant delivery post-production. Within the DevSecOps line, security is the main front of the development lifecycle, built-in from the very beginning into the requirements, the design, the code and the deployment. This is what differentiates DevSecOps from Scrum or Agile programming methods, and works brilliantly for small studios as they are able to focus on security as the number one priority without compromising on the creation or addition of content, nor patches or bug fixes.
So why would indie developers need to put this much focus into security? Well, as stated earlier, just because a studio is small or indie does not mean that their projects aren’t large-scale or that they won’t be highly received. Just a quick look at indie games shows how quickly these games can rise in popularity. When you consider the fact that the famous operating system Linux had its kernel created by a single developer, you can begin to see the scale that many indie studios work toward, regardless of their size. This is why security methods like DevSecOps are so important. Take the original Linux, for example. This would be running an entire computer, connecting you to the internet, managing RAM allocation and even having links to all of your files. If this was to be easily compromised due to lack of good security, the entire OS would be almost unusable. Just looking at security breaches such as Twitch’s server attack leading to the publishing of sensitive information of vast numbers of streamers, you can see the risk involved in not having security at the heart of your work.
Using Open Source To Further Security
This option may sound overall less secure, but there are many people, as well as many studios, that are turning to open source to boost the security of their projects and systems. Open source is when the system’s source code is completely open to being looked at by developers and – whilst this is often used by developers creating libraries of code – can be used as the basis for a new system or solution. Programs like GIMP, Blender and Mozilla Firefox, as well as coding languages such as Python and even operating systems, like Linux, all have their source code accessible to anyone with a copy of the software. At first glance, this seems contradictory to the idea that open source increases security, as surely looking directly at the code could let someone find security vulnerabilities more easily. This is almost true.
The open-source community is known for helping developers who allow their systems to be open source. Once a program is in its first deployment stage, it is sent to the users who begin using it, finding bugs and problems and reporting them back to be patched or changed. Many people will delve into the source code if they are able and will from there look through the code and find more bugs or security issues and report them back, potentially even offering a solution to combat these issues. The development team can then make these changes and release a new patch. This use of external users willing to help out development can massively ease the workload on small studios that may not have as much time to work through to find security issues.
At the end of the day, security should be at the forefront of a development team’s mind, no matter what they are coding or who they are coding for. Security not only for the application or solution but also for the peace of mind of the users. These are just a few ways that indie developers improve the security of their systems, but there are many other factors to research and consider when looking at solution security.