One of the main focuses of the software security industry is ensuring that all code is free of bugs. But this is only half of the problem. The other half is design flaws in an application's architecture, which can be avoided in the earlier stages of development. Examples include forgetting to authenticate the user, or a client-server transaction that does not protect itself from man-in-the-middle (MitM) attacks.
At this year’s RSA Conference, Gary McGraw, VP of Security Technology at Synopsys Software Integrity Group (SIG), sat down with SearchSecurity’s Editorial Director, Robert Richardson, to discuss this issue.
“Flaws aren’t issues that are in the code, but they’re about the way the code itself is designed, or the way the framework is designed.”
Along with giving a proper definition of design flaws, McGraw also gave insight into how to avoid them and the role the IEEE Center for Secure Design can play in reducing architectural flaws in future software. “What we found out at a meeting of the IEEE group was that everybody has the same sorts of flaws.”
To watch Gary’s interview and learn more about the importance of correcting design flaws in code, visit McGraw: IEEE helps find software development design flaws.