Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Rules of thumb for developing secure software: Analyzing and consolidating two proposed sets of rules

: Peine, Holger


Jakoubi, S. ; Institute of Electrical and Electronics Engineers -IEEE-:
Third International Conference on Availability, Security and Reliability, ARES 2008. Proceedings : Barcelona, Spain, 4th-7th March 2008
Los Alamitos: IEEE Computer Society, 2008
ISBN: 0-7695-3102-4
ISBN: 978-0-7695-3102-1
pp.1204-1209 : Ill., Lit.
International Conference on Availability, Reliability and Security (ARES) <3, 2008, Barcelona>
Conference Paper
Fraunhofer IESE ()
security; secure software engineering; software security; software engineering principle; programming; programming rule; design

This paper presents guidelines to develop secure applications in the form of "Do's and Don'ts" applying mostly to the software design level, but also to the implementation level. It builds on two collections of similar rules published in two seminal books in the area of secure software development, criticizes and improves those earlier rules and extends them by several new ones. The paper does not cover how to apply such rules in general.
The main direction of improvement is making the rules more constructive, less ambiguous, and removing aspects not related to security.