Don't Throw It All Away

One final piece of advice: All the planning that happens during the design phase will be for naught if it isn't communicated to the developers implementing and testing the code. Remember that this includes people who might be brought in much later in the product life cycle: people who have no prior knowledge of the security protocols being used.

It's obviously essential to document the design philosophy from the security perspective, as well as the specific protocols being used (the use of choke-point handles, for instance). But developers are notoriously bad at reading documentation, so extra effort is needed.

The most important information should be included with the sort of materials used to bring developers up to speed on a project (information on the source code control and build system for the project, for example). You should make an effort to include relevant details in the source code, where developers are most likely to see and read it.

Probably the most effective technique here is to keep it simple. Security, like synchronization in a multithreaded environment, is incredibly easy to mess up once it gets complicated. If you have a complex scheme with different rules for different scenarios and many special cases, it's likely that your code will have many subtle preconditions that could be broken without anyone noticing. Furthermore, the more complex the rules, the less likely that all the developers will know and abide by them.

.NET Framework Security
ISBN: 067232184X
EAN: 2147483647
Year: 2000
Pages: 235
