IEEE Computer Society shares top security design flaws

The IEEE Computer Society's Center for Secure Design released a report Wednesday on the top 10 software security design flaws plaguing developers, as well as recommendations for avoiding such mistakes.

The document was unveiled by the group's new Center for Secure Design, which aims to shift the industry's focus from finding bugs to a more proactive approach – “identifying common design flaws in the hope that software architects can learn from others' mistakes,” the report said.

The group recommended that developers validate all data received from an untrusted client before processing; that they use an authentication mechanism that cannot be bypassed or tampered with; and that user authorization occurs even after initial authentication takes place. 

Also among the recommendations were that developers use cryptography correctly and that they identify sensitive data and how it should be handled, the report said.
