I'd recommend this post as a good primer on important security concepts:
Four Security Principles That Software Developers Should Follow
Rob Waller ・ Feb 22 '18
But it's the first couple of comments on the article that caught my attention. Nick Taylor responded with an additional tip that might be "potentially obvious":
One thing I'd mention too, although potentially obvious (but it never hurts to state the obvious), is to always apply the principle of Least Privilege.
To which Rob responded:
Interesting, tell me more. I haven't heard about that before.
Nothing is obvious in our field. Expertise branches off in so many directions that it's possible for anyone to have a blind spot to any concept. There is no "learn everything" course in software development. It's a mishmash of ongoing acquisition of knowledge from a wisdom-sharing economy. We can never assume that our input to the conversation is not helping someone grasp a topic for the first time.
I'd imagine that Nick's comment was intended more as a helpful additional tip for future readers of the post who might want to explore further concepts. And Rob's comment exemplified exactly why this is valuable.
Software development knowledge gets diffused because we get to be flies on the wall to so many wonderful online conversations. Every time you send a signal into the world in this way, you're contributing to the future of the field. The principle of least privilege is standard enough to have a Wikipedia page, and it's a fairly intuitive concept once you've taken it in, but that doesn't mean folks just know it. It's conceivable that a developer could learn this on day one of their career or on day 5,000. You just don't know.
Taking the time to helpfully mention what you think might be obvious can be incredibly helpful to the lurkers on the web who might learn something new today. It's also a chance to reaffirm your correctness on the subject, so long as the follow-up comments are constructive.
Keep sharing the wisdom; it's how we grow.