5 Security Steps Every Software Maker Needs to Take

This is where paranoia pays off.

The recently revealed Heartbleed software security bug sent users of powerhouses like Google, Facebook and many others scrambling to change possibly compromised passwords.

The encryption flaw was described as one of the biggest online security threats of all time because of how long it went undetected. For two years, anyone on the internet could read data supposedly protected by the vulnerable code.

Paranoia doesn’t pay off much in the frenzy to change passwords after a crisis emerges. It pays off in cultivating the constant vigilance that averts the crisis. Software makers need a certain dose of paranoia to be effective.

“Threats and vulnerabilities have existed since the dawn of time and always will. We’re paranoid and forever diligent about keeping Essent and Essent customers’ systems and information safe and secure,” Eric S. Alessi, president and CEO of business management software maker Essent Corporation, said emphatically.

As long as sensitive electronic data exists, perpetrators will try to get it. At a minimum, software makers should:

1.) Employ a Chief Security Officer. Every software company needs a pivot person in the event of a security crisis and, even more importantly, to ensure that the company and its customers never experience a security crisis in the first place. Essent has a CSO.

2.) Participate in security events and courses. Doing so keeps the company apprised of the latest threats and how to respond to them, and of how to address threats in general. Dozens of information security courses are listed here. Essent participates in security education.

3.) Engineer network security appliances. Software needs to integrate security as tightly as possible. Software made without tight security integration is a fool’s errand. Insecure software is useless. Essent developed our own.

4.) Perform around-the-clock monitoring. Data thieves don’t sleep. Your security can’t sleep. Essent is always monitoring.

5.) Be vigilant -- paranoid, if you will: “We design our technologies with the expectation that organized, nefarious forces are actively targeting our customers and us at all times,” Mr. Alessi said. According to Essent CSO Damon Kopp, “Our own paranoid security motto: Security, You’re Doing It Wrong!”

Essent and its users were never at risk from the Heartbleed bug.

Related: For security reasons, Essent endorses Microsoft’s Windows XP phase out.