Appendix D
A Developer's Security Checklist
No matter what your role is when developing software, it's useful to have a checklist to follow to make sure the design and the code meet a minimal bar. I have to be honest and say that while checklists are useful, simply following a checklist does not mean you will write secure code, but it's a reasonable start and it's useful for new employees. I once overheard a developer point to his group's security checklist and utter to a new hire, "If you don't meet this bar, you'll be in trouble!"
Be aware that this is a minimal checklist. A softcopy is available in the Security Templates folder in the book's companion content. You should take this document and add your own policy, and the document should be updated regularly as new flaw categories are discovered.