The IEEE Computer Society Center for Secure Design

Avoiding the Top 10 Security Flaws

The IEEE Computer Society Center for Secure Design intends to shift some of the focus in security from finding bugs to identifying common design flaws — all in the hope that software architects can learn from others' mistakes. To read more about what the Center for Secure Design is, read the Facts.

Center for Secure Design participants — from industry, research, and government — identified the top flaws found in their own internal design reviews or available from external data. Many of the flaws that made the list have been well known for decades but continue to persist. To read more about the top 10 security flaws — and how to avoid them — download or read the document.

Avoiding the Top 10 Software Security Design Flaws is released under the Creative Commons Attribution-ShareAlike 3.0 license. Read more here.

IEEE Computer Society Center for Secure Design
Original Participants

  • Iván Arce, Sadosky Foundation
  • Neil Daswani, Twitter
  • Jim DelGrosso (CSD COO), Cigital *
  • Danny Dhillon, RSA
  • Christoph Kern, Google *
  • Tadayoshi Kohno, University of Washington
  • Carl Landwehr, George Washington University *
  • Gary McGraw, Cigital *
  • Brook Schoenfield, McAfee, Part of Intel Security Group
  • Margo Seltzer, Harvard University
  • Diomidis Spinellis, Athens University of Economics and Business
  • Izar Tarandach, EMC
  • Jacob West, HP
* steering committee members



The Silver Bullet


Gary talks with Jim Del Grosso (Cigital), Yoshi Kohno (University of Washington), and Christoph Kern (Google) in a roundtable devoted to the new IEEE Computer Society Center for Secure Design. Participants discuss the Center's origin, why design flaws are more difficult to fix than implementation bugs, design flaws in automobile design, and how the top 10 most common flaws recently published by the Center for Secure Design were compiled.