
IEEE Guides Software Architects Toward Secure Design

msm1267 writes: The IEEE's Center for Secure Design debuted its first report this week, a guidance for software architects called "Avoiding the Top 10 Software Security Design Flaws." Developing guidance for architects rather than developers was a conscious effort the group made in order to steer the conversation around software security away from exclusively talking about finding bugs toward design-level failures that lead to exploitable security vulnerabilities. The document spells out the 10 common design flaws in a straightforward manner, each with a lengthy explainer of inherent weaknesses in each area and how software designers and architects should take these potential pitfalls into consideration.

  • by Anonymous Coward on Friday August 29, 2014 @05:18PM (#47787171)

    Ha! My wife works with systems you likely developed, or at least had to have gone through the CIO's office. You clearly have never had to use any of the systems you created. The CMS, in particular, is one of the worst pieces of corporate software I've ever seen. A big part of her job is pushing files _one_at_a_time_ to the production systems because there is no way to do bulk updates. Rolling back is just as painful if a problem is discovered during a rollout (other groups submit the content and, in theory, have tested it ahead of time). There have been high-profile outages of the main web site due to the way the CMS was "architected". She gets paid a ton of money to do something that should be done in software.

    Maybe you worked on the trading platform or other systems, but if the internal systems used for content management are any indication, I'd say you did a terrible job and maybe could have benefited from an architect.

    My biggest issue with people who don't like architects is this: they usually have never really had to deal with the consequences of their actions and just assume they did a great job. Of course, most architects have the same problem. Large corporations are excellent at breeding this mentality (I know, because I've had to clean up shit from people who reported to the CIO and completely f'd up agile). You'll note that the problem I'm really highlighting here is that in big corporations, software is usually shit and people are applauded for it anyway, regardless of whether they used agile, waterfall, or nothing at all. Everyone thinks they did a great job because they got paid and promoted and report to important people. How could they be doing anything wrong??? :P
