A Note When Reviewing Product Specifications

As a documentation person, you will no doubt review product specifications to determine how best to document features in a secure manner. The following list outlines aspects of a specification that require you to document security ramifications:

  • The specification outlines customer security holes addressed in a code or design change.

  • The specification describes architectural details from which an attacker could deduce security holes.

  • The specification talks about design compromises made to accommodate legacy functionality that could be insecure.

  • The specification gives multiple ways of doing something but is silent about which of them is more secure.

  • The specification describes a scenario in which the new feature will not work unless security is downgraded.

  • The specification assumes that features elsewhere are turned on but does not address security implications.

You should carefully and accurately document the security ramifications of any of these notes.



Writing Secure Code
Writing Secure Code, Second Edition
ISBN: 0735617228
EAN: 2147483647
Year: 2001
Pages: 286
