Rules of Thumb for Developing Secure Software: Analyzing and Consolidating Two Proposed Sets of Rules
暂无分享,去创建一个
This paper presents guidelines to develop secure applications in the form of "Do's and Don'ts " applying mostly to the software design level, but also to the implementation level. It builds on two collections of similar rules published in two seminal books in the area of secure software development, criticizes and improves those earlier rules and extends them by several new ones. The paper does not cover how to apply such rules in general. The main direction of improvement is making the rules more constructive, less ambiguous, and removing aspects not related to security.
[1] Peter Sommerlad,et al. Security Patterns: Integrating Security and Systems Engineering , 2006 .
[2] Jerome H. Saltzer,et al. The protection of information in computer systems , 1975, Proc. IEEE.