for RuBoard |
So what have we learned?
First, security is a fundamental concept, not a bolt-on module of code. A basic understanding of security is required of everyone working on a project, not just a security team; otherwise , security holes will result. If code is to be granted trust by a system administrator, it must earn that trust by not compromising system security.
Second, the runtime security is in addition to, not an alternative to, operating system security.
Finally, the runtime provides a rich set of resource access methods with prepackaged security checks, plus the ability to add more checks and even create new types of checking. None of this automates the security process, however, or absolves the developer from the need to understand basic security principles.
for RuBoard |