Application Security Lessons from Star Trek: How Kirk & Spock Can Inspire Secure Code - Part 2
August 24, 2016

Amit Ashbel
Checkmarx

At its emotional core, Star Trek explores the bond between two very different species – Kirk and Spock – who team up to seek out new worlds and defend the Enterprise. In many ways, the same can be said for developers and security teams. How so? In Part 1 of this blog, we covered Clear Visualization and Teamwork. Here are 2 more ways.

Start with Part 1

3. Gamification

Resistance is futile when it comes to adopting gamification. Gamification is considered the buzz in today's enterprises and startups alike. Wikipedia has a good description: "Gamification is the use of game thinking and game mechanics in non-game contexts to engage users in solving problems. Gamification is used in applications and processes to improve user engagement, return on investment, data quality, timeliness, and learning."
Gamification takes the teamwork enhancements described earlier to another level.

Gamification can be implemented as an exchange platform between developers, integrated into the developer's environments. In such a setup, each developer would be able to view the security solutions of others.

Developers could then flag particular solutions, similar to a Facebook "like", and even contribute to the general understanding of the nature of the particular vulnerability. Taking it further, it's even possible to reward the user who has been most beneficial to the team. For example, presenting rewards to developers who find the hidden risk, ways to break the code or written an impenetrable function. You can even call it your own in-house bug-bounty program.
A global social network is ideal for implementing such a security exchange platform. However, even simple existing forums, such as GitHub or StackExchange, can be used as they too reward developers for their contribution.

4. Immediate Feedback

"Kirk relied on Spock unfailingly for his advice, knowing it would never be encumbered by any thoughts of personal gain or tempered by emotional constraints," as stated by Time magazine(link is external).

The type of immediate feedback Spock is known for also has big benefit in a SAST scenario. We all draw lessons from our mistakes. Previously, a Quality Assessment (QA) was not performed until several months after the development cycle ends. Nowadays, in today's development environments, unit testing is de riguer and developers receive feedback on their code while it's still "fresh off the press".

Taking a look at SAST, we see that many companies employ the tools after the end of the development cycle, several months after the development of the code. Similar to QA processes, SAST should be integrated into the development and testing environments. While first-generation SAST tools provided an analysis too slow to fit into a Continuous Integration and Continuous Deployment environment, important functionality such as incremental analysis, seamless IDE integration and most importantly ease of use, solve this problem.

Live Long and Prosper

Application Security is built around the concept of ensuring that the code written for an application does what it was built to do, and keeps the contained data secure. Notwithstanding the high general interest in security, time and time again developers fail to integrate secure coding best practices. With these four tips, security teams can transfer that security spark to developers when it comes to writing code. In order for any security program to be properly implemented, it needs effective teamwork between developers and security teams.

Amit Ashbel is Director of Product Marketing & Cyber Security Evangelist at Checkmarx.

Share this

Industry News

April 03, 2025

StackGen has partnered with Google Cloud Platform (GCP) to bring its platform to the Google Cloud Marketplace.

April 03, 2025

Tricentis announced its spring release of new cloud capabilities for the company’s AI-powered, model-based test automation solution, Tricentis Tosca.

April 03, 2025

Lucid Software has acquired airfocus, an AI-powered product management and roadmapping platform designed to help teams prioritize and build the right products faster.

April 03, 2025

AutonomyAI announced its launch from stealth with $4 million in pre-seed funding.

April 02, 2025

Kong announced the launch of the latest version of Kong AI Gateway, which introduces new features to provide the AI security and governance guardrails needed to make GenAI and Agentic AI production-ready.

April 02, 2025

Traefik Labs announced significant enhancements to its AI Gateway platform along with new developer tools designed to streamline enterprise AI adoption and API development.

April 02, 2025

Zencoder released its next-generation AI coding and unit testing agents, designed to accelerate software development for professional engineers.

April 02, 2025

Windsurf (formerly Codeium) and Netlify announced a new technology partnership that brings seamless, one-click deployment directly into the developer's integrated development environment (IDE.)

April 02, 2025

Opsera raised $20M in Series B funding.

April 02, 2025

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, is making significant updates to its certification offerings.

April 01, 2025

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the Golden Kubestronaut program, a distinguished recognition for professionals who have demonstrated the highest level of expertise in Kubernetes, cloud native technologies, and Linux administration.

April 01, 2025

Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade internal developer portal based on the Backstage project.

April 01, 2025

Platform9 announced that Private Cloud Director Community Edition is generally available.

March 31, 2025

Sonatype expanded support for software development in Rust via the Cargo registry to the entire Sonatype product suite.

March 31, 2025

CloudBolt Software announced its acquisition of StormForge, a provider of machine learning-powered Kubernetes resource optimization.