IEEE Computer Society shares top security design flaws

Share this article:

The IEEE Computer Society's Center for Secure Design released a report Wednesday on the top 10 software security design flaws plaguing developers, as well as recommendations for avoiding such mistakes.

The document was unveiled by the group's new Center for Secure Design, which aims to shift the industry's focus from finding bugs to a more proactive approach – “identifying common design flaws in the hope that software architects can learn from others' mistakes,” the report said.

The group recommended that developers validate all data received from an untrusted client before processing; that they use an authentication mechanism that cannot be bypassed or tampered with; and that user authorization occurs even after initial authentication takes place. 

Also among the recommendations, were that developers use cryptography correctly, and identify sensitive data and how it should be handled, the report said.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS