AVOIDING THE TOP 10 SOFTWARE SECURITY DESIGN FLAWS

Most software that has been built and released typically
comes with a set of defects—implementation bugs and design
flaws. To date, there has been a larger focus on finding
implementation bugs rather than on identifying flaws.
In 2014, the IEEE Computer Society, the leading association
for computing professionals, launched a cybersecurity initiative
with the aim of expanding and escalating its ongoing
involvement in the field of cybersecurity. The first step
for the initiative was to launch the IEEE Computer Society
Center for Secure Design. The Center intends to shift some
of the focus in security from finding bugs to identifying
common design flaws in the hope that software architects
can learn from others’ mistakes. To achieve this goal, the
Center brought people together from different organizations
at a workshop in early 2014.
At the workshop, participants discussed the types of flaws
they either identified in their own internal design reviews,
or that were available from external data. They arrived
at a list they felt were the top security design flaws. Many
of the flaws that made the list have been well known for
decades, but continue to persist. In this document is the
result of that discussion—and how to avoid the top 10
security flaws.

Source: https://www.computer.org/cms/CYBSI/docs/Top-10-Flaws.pdf

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s