Taken from Darren's requirements feedback:
"Adherence to latest coding standards/security protocols. Once fully adopted we (and I’m sure many other users) will have a significant investment of IP residing on the hosted environment. Knowing this will be as secure as possible i.e. from hackers etc. will allow me to sleep at night! I know much of this will be covered by the set-up/lock down on servers/hosting arrangements but the coding of the tool will also be very important."
Anyone (esp. Dennis and Ryan), do we have any thoughts or documentation on how we approach the architecture and development in terms of security? I think it would be good to document the key principles to keep us mindful of this as we progress.
In our experience, it's also worth having a specialist penetration test done before releasing version 1.0. This may require some funding (~£5-7K), which we can broach nearer the time. Either way, it would be good to work with security in mind so that we save ourselves having to plug too many gaps later on. While the developers do this, I think we need to document the 'what and how', especially as the node stack is still relatively new to a lot of us.
Are there any takers for this task?