No one thing creates secure software, so you need to do a set of things to make adequately secure software. But no one has infinite resources; how can you have confidence that you are doing the right set? Many experts (including me) have recommended creating an assurance case to connect the various approaches together to an efficient, cohesive whole. It can be hard to start an assurance case, though, because there are few public examples.
So I am pleased to report that you can now freely get my paper A Sample Security Assurance Case Pattern by David A. Wheeler, December 2018. This paper discusses how to create secure software by applying an assurance case, and uses the Badge Application’s assurance case as an example. If you are trying to create a secure application, I hope you will find it useful.
path: /security | Current Weblog | permanent link to this entry