An often overlooked aspect of software development is secure software design. With rapidly changing technologies, tight release schedules, and sloppy architecting to begin with, finding a securely designed application is too rare of an occurrence. Additionally, the application security community has not done a great job at providing meaningful guidance around secure software design. Fortunately, the IEEE has recently established a Center for Secure Design which has been sponsoring efforts to address this very issue. Since secure software design is such a key aspect to any meaningful secure software development program, it is worth highlighting some of their recent work.
Posted in Software Architecture & Design