How to write code that doesn't do what it oughtn't

Sometimes we developers are asked to wear many different hats. I've felt like I needed to be a graphic designer to craft CSS, an anthropologist when dealing with forty languages' worth of I18N/L10N, or a detective when piecing together logs and git history to find a heisenbug in legacy code.

Rather than asking you to wear yet another hat, here are a few approaches I take when wearing my security engineer hat that might help you write code that you and your friendly neighbourhood blue teamers can have confidence in.

Make the language work for you

Imagine you were asked to review this code: