Salesforce.com Security Review Is a Blessing

This post is going to be short and sweet, partly because it doesn't need to be long and partly because we're getting dangerously close to Dreamforce, which means things are getting more and more crazy around here. Length doesn't dictate importance though, and security is something that is all-too-often overlooked by a lot of developers on the Salesforce.com platform and that is not a good thing.

ISV Developers Get It Good

The chances are good that if you work at a Salesforce.com ISV partner that you'll have encountered the AppExchange security review process. The chances are also good that it will seem like a thorn in your side, but it truly is a blessing in disguise, and I think that Sarah Whitlock and her team unfairly receive more flak than praise. The reason it's a blessing is because it will likely open your eyes to a whole world of security concerns that you may have never considered otherwise; not only does this help protect your customers, and therefore you and your reputation, but it helps increase your general awareness of issues, and that carries over into everything else that you do.

If I'm truly honest then I can comfortably say that security was way down my list of priorities during my first few years on the platform, it was generally something that faded into the background; considered, but not given enough attention.

Today my attitude is very different (I went through a similar process with respect to test methods) and that is why I was particularly grateful to have Gary Breavington join us on Code Coverage to discuss security on the platform and how OWASP's top ten relate to it. I encourage all developers to listen to this episode and hear what Gary has to say, and then when you've finished, listen again. It is impossible to overstate just how important it is to know and understand these risks.

Please head over to CodeCoverage.org to see the show notes and Gary's slides.

comments powered by Disqus