Chapter 3. Security
Error is all around us and creeps in at the least opportunity. Every method is imperfect.
Software security is a complex and uniquely difficult issue. The security of software is subject to the weakest-link phenomenon; no matter how well you secure one part of your system, your efforts will be worthless if another part has a security hole and you are facing a determined adversary. Contrast this with the way other nonfunctional software requirements can be satisfied: Every step you take toward making your software more portable, reliable, usable, or efficient will contribute positively to the overall result. In addition, security can be judged only against requirements, which can vary considerably between ...