I was intrigued by an article I read the other day in CSO Online titled “4 security concerns for low-code and no-code development”. The premise of the article was, essentially, that enterprises must beware of low-code solutions, because they can cause security concerns.
In the article, author Chris Hughes says, “By allowing more people in an enterprise to develop applications, low-code development creates new vulnerabilities and can hide problems from security.”
I fundamentally disagree with this premise. Specifically, there is nothing inherently secure or insecure about low-code or no-code solutions. The key to all application development frameworks, systems, processes, and policies—manual or automated—is that they are as secure as the enterprise invests in making them secure.