The IEEE Computer Society Center for Secure Design (CSD) has launched and released its first title: Avoiding the Top 10 Software Security Design Flaws.
The IEEE Computer Society Center for Secure Design (CSD) has officially launched! The first document created by the center is called Avoiding the Top 10 Software Security Design Flaws. This document explains the most common flaws identified at the initial CSD workshop held earlier this year. Everyone remember the difference between bugs and flaws?
After reading the CSD document, you will likely fall into one of three camps. Camp 1 knows about some of the identified flaws, but there is at least one flaw that they haven’t thoroughly thought about. Camp 2 knows about every flaw listed. Camp 3 hasn’t considered any of these flaws in the design of their software. But here’s the important point: No matter what camp you are in, it is possible, dare I say even likely, that you will design software with one or more of these flaws.
There are several reasons for this. Here are just a few:
Regardless of why these flaws occur, the CSD will be creating more artifacts to help you identify techniques to avoid the flaws.
Sound challenging? I agree. But if you’re interested in seeing if this problem can be solved, let the CSD know you want to get involved, and we’ll see how you can you help out with the future workload.