Public Access Encouraged
Because the authors, contributors, and publisher are eager to engage the broader community in open discussion, analysis, and debate regarding a vital issue of common interest, this document is distributed…
Articles by ieeecybersecadmin
Building Code for Medical Device Software Security
Carl Landwehr and Tom Haigh detail a building code for software security that will the reduce the vulnerabilities of their system to malicious attackers. Read the full PDF here: Building Code…
Get Involved
As stated in the Mission Statement, the IEEE Center for Secure Design will provide guidance on: Recognizing software system designs that are likely vulnerable to compromise. Designing and building software systems…
Be Flexible When Considering Future Changes to Objects and Actors
Software security must be designed for change, rather than being fragile, brittle, and static. During the design and development processes, the goal is to meet a set of functional and…
Understand How Integrating External Components Changes Your Attack Surface
It is unlikely that you will develop a new system without using external pieces of software. In fact, when adding functionality to an existing system, developers often make use of…
Always Consider the Users
Almost every software system in existence today interacts in one way or another with human beings. The users of a software system range from those in charge of fielding, configuring,…
Identify Sensitive Data and How They Should be Handled
Data are critical to organizations and to users. One of the first tasks that systems designers must do is identify sensitive data and determine how to protect it appropriately. Many…
Use Cryptography Correctly
Cryptography is one of the most important tools for building secure systems. Through the proper use of cryptography, one can ensure the confidentiality of data, protect data from unauthorized modification,…
Define an Approach that Ensures All Data are Explicitly Validated
Software systems and components commonly make assumptions about data they operate on. It is important to explicitly ensure that such assumptions hold: Vulnerabilities frequently arise from implicit assumptions about data,…
Strictly SeparateData and Control Instructions, and Never Process Control Instructions Received from Untrusted Sources
Co-mingling data and control instructions in a single entity, especially a string, can lead to injection vulnerabilities. Lack of strict separation between data and code often leads to untrusted data…