IEEE Computer Society shares top security design flaws
The IEEE Computer Society's Center for Secure Design released a report Wednesday on the top 10 software security design flaws plaguing developers, as well as recommendations for avoiding such mistakes.
The document was unveiled by the group's new Center for Secure Design, which aims to shift the industry's focus from finding bugs to a more proactive approach – “identifying common design flaws in the hope that software architects can learn from others' mistakes,” the report said.
The group recommended that developers validate all data received from an untrusted client before processing; that they use an authentication mechanism that cannot be bypassed or tampered with; and that user authorization occurs even after initial authentication takes place.
Also among the recommendations, were that developers use cryptography correctly, and identify sensitive data and how it should be handled, the report said.