Enduring Ideas in the Realm of Software
If you know the underlying principles for security, you can be more effective in your security design. While working on Improving Web Application Security: Threats and Countermeasures, my team focused on creating a durable set of security principles. The challenge was to make the principles more useful. It’s one thing to know the principles, but …
While working on Improving Web Application Security: Threats and Countermeasures, my team created the software security frame. We used the Security Frame to organize and prioritize software security issues. We used this frame throughout the guide to organize our guidelines and checklists. We also used the Security Frame to build evaluation criteria to help find …
How can you quickly determine whether a recommendation or technique is relevant to your context? You can use context-precision. Context precision is simply a set of categories that help clarify the context. I use context-precision both for creating more relevant guidance and for evaluating the relevancy of guidance. Example Here’s an example figure I draw …
Photo by mrkumm While working on Improving .NET Application Performance and Scalability (Patterns & Practices), my team created the software performance frame. We used the performance frame to organize and prioritize software performance and scalability issues. We used this frame throughout the guide to organize our guidelines and checklists. We also used the performance frame …
STRIDE is an acronym to help you think about potential software security threats and attacks. It helps you think evil (i.e. like an attacker.) I had the privilege of talking to one of the creators of STRIDE, Loren Kohnfelder. He told me that he originally created STRIDE to help people get in the right mind-set …
