5. Guiding Principles for Software Security

“We shall not cease from exploration
And the end of all our exploring
Will be to arrive where we started
And know the place for the first time”

—T. S. Eliot, Little Gidding

We hope we’ve been able to impress on you the fact that software security is hard. One of the biggest challenges is that some important new flaws tend to defy all known patterns completely. Following a checklist approach based on looking for known problems and avoiding well-marked pitfalls is not an optimal strategy. For a good example we need to look no further than cryptography, where it is relatively easy to construct a new algorithm that resists the best known attacks on well-understood algorithms but that is still broken. New algorithms ...
