Monday, October 30, 2006

Documenting and Evaluating the Security Guarantees of Your Apps

In the article Extending SDL: Documenting And Evaluating The Security Guarantees Of Your Apps, Mark Pustilnik pointed out the missing link in the Security Development Lifecycle (SDL):
  • Tying secure design and implementation of software directly to the functional specifications of security features in a way that can be understood by customers at any level of depth they require (and that your licensing terms allow).

According to Mark, security of software is not a compliance artifact. Rather, it is a set of key features that can and should be documented, evaluated, and used when making purchasing decisions.

Today's software is, by and large, developed and distributed in a manner that is most suited to the following two principles:

  • Utilizing sound software engineering practices during implementation
  • Patching vulnerabilities found by hackers after software has been deployed

Mark introduced three rules:

  • Design and develop software that addresses the stated as well as implicit security requirements placed upon it by users.
  • Avoid introducing features into the software that imply, but cannot deliver, defensible security guarantees.
  • Publish sufficient information about the design of security features to convince your users that the design is solid.

Security considerations and guarantees apply to many features of the software, even those that on the surface are not primarily security features. Listing each requirement alongside its associated security guarantee is the key to understanding the full range of protections afforded by the software.