The IEEE Computer Society Center for Secure Design (CSD) has launched and released its first title: Avoiding the Top 10 Software Security Design Flaws.
The IEEE Computer Society Center for Secure Design (CSD) has officially launched! The first document created by the center is called Avoiding the Top 10 Software Security Design Flaws. This document explains the most common flaws identified at the initial CSD workshop held earlier this year. Everyone remember the difference between bugs and flaws?
After reading the IEEE CSD document, you will likely fall into one of three camps. Camp 1 knows about some of the identified flaws, but there is at least one flaw that they haven’t thoroughly thought about. Camp 2 knows about every flaw listed. Camp 3 hasn’t considered any of these flaws in the design of their software. But here’s the important point: No matter what camp you are in, it is possible, dare I say even likely, that you will design software with one or more of these flaws.
There are several reasons for this. Here are just a few:
Regardless of why these flaws occur, the IEEE CSD will be creating more artifacts to help you identify techniques to avoid the flaws.
Sound challenging? I agree. But if you’re interested in seeing if this problem can be solved, let the CSD know you want to get involved, and we’ll see how you can help out with the future workload.
Jim DelGrosso is a senior principal consultant at Synopsys. In addition to his overarching knowledge of software security, he specializes in architecture analysis, threat modeling, and secure design. Jim is the Executive Director for IEEE Computer Society Center for Secure Design (CSD). He also predicts that “OpenSSL will have at least one new vulnerability found in the next 12 months. You can pick the start date—it’s the ‘12 months’ that matters.” Jim relaxes and decompresses from work by playing with the dogs, listening to music, or just chilling out with a beer and a movie.