A Note When Reviewing Product Specifications
No doubt, as a documentation person, you will review product specifications to determine how best to document features in a secure manner. The following list outlines aspects of a specification that require you to document security ramifications:
The specification outlines customer security holes addressed in a code or design change.
The specification describes architectural details from which an attacker could deduce security holes.
The specification talks about design compromises made to accommodate legacy functionality that could be insecure.
The specification gives multiple ways of doing something but is silent about which of them is more secure.
The specification describes a scenario in which the new feature will not work unless security is downgraded.
The specification assumes that features elsewhere are turned on but does not address security implications.
You should carefully and accurately document the security ramifications of any of these items.