IEEE Computer Society shares top security design flaws

The IEEE Computer Society's Center for Secure Design released a report Wednesday on the top 10 software security design flaws plaguing developers, as well as recommendations for avoiding such mistakes.

The document was unveiled by the group's new Center for Secure Design, which aims to shift the industry's focus from finding bugs to a more proactive approach – “identifying common design flaws in the hope that software architects can learn from others' mistakes,” the report said.

The group recommended that developers validate all data received from an untrusted client before processing; that they use an authentication mechanism that cannot be bypassed or tampered with; and that user authorization occur even after initial authentication takes place.

Also among the recommendations were that developers use cryptography correctly and identify sensitive data and how it should be handled, the report said.
