Posted by Jim DelGrosso on Thursday, August 28th, 2014
The IEEE Computer Society Center for Secure Design (CSD) has officially launched! The initial document created by the center is called Avoiding the Top 10 Software Security Design Flaws. This document represents the most common flaws identified at the initial CSD workshop held earlier this year. Everyone remember the difference between bugs and flaws? If not, get a refresher here.
After reading the CSD document, you will likely fall into one of three camps. Camp 1 knows about some of the identified flaws but there was at least one flaw that they haven’t thoroughly thought about. Camp 2 knows about every flaw listed. Camp 3 hadn’t considered any of these flaws in the design of their software. But here’s the important point, no matter what camp you are in, it is possible, dare I say even likely, that you will design software with one or more of these flaws.
There are several reasons for this:
Regardless of why these flaws occur, the CSD will be working on creating more artifacts to help you identify techniques to avoid the flaws.
Sound challenging? I agree. But if you’re interested in seeing if this problem can be solved, let the CSD know you want to get involved, and we’ll see if we can have you help out with the future workload.
Get the latest AppSec news and trends sent directly to you.