Deck 3: Principles of Security and Quality

ISO and IEEE have published many resources regarding quality software and the development processes that produce such software.

The principle of Least Privilege states that you should give users the least amount of privilege required to perform their use case functionality.

Defense in depth is designed on the principle that a single layer of protection from different vendors or software is sufficient.

The principle of maintainability includes the tenet that the application is able to run itself.

Complex code is better for the development team.

Authentication ensures that the user has the appropriate role and privilege to view data.

Readability and Credibility are two types of principles of security and quality.

A developer can write useful code that will allow unauthorized users to access the applications assets.

Availability refers to the percentage of time a developer is available during scheduled hours of operation.

The goal of confidentiality is to ensure that no user other than the owner(s) can see or access the data.

Complexity will never be a factor no matter how reusable or understandable the code is.

The Information Systems Security Association's (ISSA) main purpose is to promote practices that will ensure the confidentiality, integrity and availability of organizational information resources.

Software diversity is the ability to anticipate change in the software so that is becomes flexible and self-maintaining.

A design that requires one key to send and receive data is more secure than a design that allows access to the information with two keys.

"Fail Securely" is simply what happens when the system goes down.

The integrity of the application is defined by the way in which the application accepts, transmits and stores data.

The goal of SWEBOK is to define a clear set of boundaries and materials that make up software development from an engineering perspective.

No one is more responsible for the quality of the code than the Project Manager.

The foundation of software applications and the development processes that produce them are based on common best principles of quality code and secure code.

Building smart code is a great way to advertise your skills as a secure developer.

CONSTANTS are values that are changeable within a programming language.

An asset is a valued resource that the application has to protect.

Methodologies help the overall process by making everyday development activities predictable, continual, and most of all visible.

It's possible to have quality without security.