To date, much of the web and mobile security focus has been on security bugs such as cross-site scripting and SQL injection. Given how many of those issues there are, and given that the number of bugs in general increases in proportion to the number of lines of code, it’s clear that if we hope to address software security problems as a community, we also need to invest in designing software securely to eliminate entire classes of bugs.
To that end, we are participating in the founding of the IEEE Center for Secure Design, which was announced today, and contributed to the Center’s in-depth report on “Avoiding the top ten software security design flaws.” We hope it serves as a useful resource to help software professionals as well as the community at large build more secure systems. We’ve been using these secure design principles in some form at Twitter, and with their codification by the IEEE, we’ll be further leveraging them in our own internal documentation and processes.
As we continue to scale the mobile and web services that we provide, it will be increasingly important to continue taking a holistic, proactive approach to designing secure software to protect our users.
Our participation in the IEEE Center for Secure Design is one way we are glad to contribute back to the community while furthering our own approach to secure software design.
To learn more about the IEEE Center for Secure Design and download the report, visit cybersecurity.ieee.org.