IEEE Computer Society shares top security design flaws

The IEEE Computer Society's Center for Secure Design released a report Wednesday on the top 10 software security design flaws plaguing developers, as well as recommendations for avoiding such mistakes.

The document was unveiled by the group's new Center for Secure Design, which aims to shift the industry's focus from finding bugs to a more proactive approach – “identifying common design flaws in the hope that software architects can learn from others' mistakes,” the report said.

The group recommended that developers validate all data received from an untrusted client before processing; that they use an authentication mechanism that cannot be bypassed or tampered with; and that user authorization occurs even after initial authentication takes place. 

Also among the recommendations were that developers use cryptography correctly and identify sensitive data and how it should be handled, the report said.
