Public Access Encouraged
Because the authors, contributors, and publisher are eager to engage the broader community in open discussion, analysis, and debate regarding a vital issue of common…
Articles by ieeecybersecadmin
Building Code for Medical Device Software Security
Carl Landwehr and Tom Haigh detail a building code for software security that will the reduce the vulnerabilities of their system to malicious attackers. Read…
Get Involved
As stated in the Mission Statement, the IEEE Center for Secure Design will provide guidance on: Recognizing software system designs that are likely vulnerable to compromise….
Be Flexible When Considering Future Changes to Objects and Actors
Software security must be designed for change, rather than being fragile, brittle, and static. During the design and development processes, the goal is to meet…
Understand How Integrating External Components Changes Your Attack Surface
It is unlikely that you will develop a new system without using external pieces of software. In fact, when adding functionality to an existing system,…
Always Consider the Users
Almost every software system in existence today interacts in one way or another with human beings. The users of a software system range from those…
Identify Sensitive Data and How They Should be Handled
Data are critical to organizations and to users. One of the first tasks that systems designers must do is identify sensitive data and determine how…
Use Cryptography Correctly
Cryptography is one of the most important tools for building secure systems. Through the proper use of cryptography, one can ensure the confidentiality of data,…
Define an Approach that Ensures All Data are Explicitly Validated
Software systems and components commonly make assumptions about data they operate on. It is important to explicitly ensure that such assumptions hold: Vulnerabilities frequently arise…
Strictly SeparateData and Control Instructions, and Never Process Control Instructions Received from Untrusted Sources
Co-mingling data and control instructions in a single entity, especially a string, can lead to injection vulnerabilities. Lack of strict separation between data and code…