Public Access Encouraged
Because the authors, contributors, and publisher are eager to engage the broader community in open discussion, analysis, and debate regarding a vital issue of common interest, this document is distributed…
Because the authors, contributors, and publisher are eager to engage the broader community in open discussion, analysis, and debate regarding a vital issue of common interest, this document is distributed…
Carl Landwehr and Tom Haigh detail a building code for software security that will the reduce the vulnerabilities of their system to malicious attackers. Read the full PDF here: Building Code…
As stated in the Mission Statement, the IEEE Center for Secure Design will provide guidance on: Recognizing software system designs that are likely vulnerable to compromise. Designing and building software systems…
Software security must be designed for change, rather than being fragile, brittle, and static. During the design and development processes, the goal is to meet a set of functional and…
It is unlikely that you will develop a new system without using external pieces of software. In fact, when adding functionality to an existing system, developers often make use of…
Almost every software system in existence today interacts in one way or another with human beings. The users of a software system range from those in charge of fielding, configuring,…
Data are critical to organizations and to users. One of the first tasks that systems designers must do is identify sensitive data and determine how to protect it appropriately. Many…
Cryptography is one of the most important tools for building secure systems. Through the proper use of cryptography, one can ensure the confidentiality of data, protect data from unauthorized modification,…
Software systems and components commonly make assumptions about data they operate on. It is important to explicitly ensure that such assumptions hold: Vulnerabilities frequently arise from implicit assumptions about data,…
Co-mingling data and control instructions in a single entity, especially a string, can lead to injection vulnerabilities. Lack of strict separation between data and code often leads to untrusted data…