The introduction of nefarious code, either intentionally or otherwise, can pose an existential crisis to a company. Mitigating the risk involves a series of steps, including centralized access management, reliable backup/restore mechanisms and personnel training. Specifically, with regards to digital production, a Git repository offers a partial solution.
- Implement and enforce a “gitflow” code check-in process that ensures that every line of code that is added to your codebase is reviewed by at least one other person.
- Perform a code audit to ensure that the work performed on the current implementation is at least free of nefarious code, and better yet conforming to good coding practices.
- Document the critical custom code, such that it can be handed off, wholly or in part, to alternate resources, in the spirit of business continuity.