8 simple rules for developing secure source code
michael howard, a senior security program manager at Microsoft, wrote an article discussing how to develop secure source code by using the right analysis tools and experts and how to reduce risks using fuzzing and threat modeling; the article invite us to check the application's inputs and to learn the security concepts
the article talks about the habits that any developer must have in aim to get a final, secure and efficent product :
habit #1: taking responsibility
habit #2: never trust Data
habit #3: model threats against the code
habit #4: staing one step ahead
habit #5: fuzzing.
habit #6: do not write insecure code
habit #7: recognizing the strategic asymmetry
habit #8: use the best tools
the article is available in the MSDN magazine, here .
2 comments
These are as fuzzy as you can get from a PGM, who never wrote a line of code ;-), but he wrote 5 books on processes and dev cycles.
I guess #6 is very thought of :-)
#8 says it all and of course we should use Visual Studio :-)
can we really trust a microsoft program manager :-) despite the fact that their program contains many bugs and security holes ? I think yes,because they make complex systems which works,even if some people didn't agree with that fact.
I will take a look to the link you put,thanks.