Rules of thumb for developing secure software

This article presents guidelines to develop secure applications in the form of "Do's and Don'ts" applying mostly to the software design level, but also to the implementation level. It builds on two collections of similar rules published in two seminal books in the area of secure software development, criticizes and improves those earlier rules and extends them by several new ones, arriving finally at a consolidated set of rules for developing secure software.