Best Practices

Best practices are the recommended ways of performing tasks when using a given service or application. They are often buried in documentation, handed down by engineers, and difficult to implement. Spreading quality and security through best practices is a crucial step in building security into the product.

Documentation

Best practices are most likely to be followed when it is in an engineer's best interest to read them. One of the best ways to get engineering eyes on best practices is to place them alongside documentation that is genuinely helpful. When helpful documentation exists to get the job done, you can include security recommendations as engineers follow its step-by-step guidance. Do you have documentation on any of the following where you could do so?

  • Onboarding
  • Training
  • Docker
  • Kubernetes
  • AWS/GCP/Azure
  • GitHub/GitLab
  • Configurations

If you do, this is exactly where you should insert your recommendations. Putting some of the most important points in bold at the top of the page often helps them get the attention they require. Here are some pointers on how to write best practices documentation.

  • Use clear and concise language
  • Be consistent in your formatting and highlighting
  • Use visuals such as diagrams
  • Keep it up to date
  • Make it easily accessible to engineers
  • Use a consistent structure