Software Security

Security regroups many subject area round:

• user management such as:
  • authentication (user/password) and its method (ldap, table, …)
  • authorization (group, privileges and role, object and information access)
• and data secrecy:
  • Cryptography - Key

Provide mechanism rather than policy. In particular, place user interface policy in the clients hands

Shorthand guide:

• Identification: Who are you?
• authentication: Prove it.
• authorization: Here is what you are allowed to do.

Kerckhoffs's_principle A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

Alice and Bob are fictional characters commonly used as placeholder names in cryptology.

The most effective picture to explain software security.

Everything I try to teach my freshman about security, in one photo:

Data Lost or downtime. http://www.emc.com/microsites/emc-global-data-protection-index/index.htm

Don't hire assholes

En Twitter

The security industry is largely obsessed by finding (and selling / using / patching / reporting / showcasing / stockpiling / detecting / stealing) these “dangerous/useful” variety of bugs. And this obsession is continually fulfilled because bugs keep happening – which is just the nature of software development –

…………

Jason A. Donenfeld. See replied from Linus Torvalds (Tue, 21 Nov 2017) - [GIT PULL] usercopy whitelisting for v4.15-rc1

• Security Problem Solved? Solutions to many of our security problems already exist, so why are we still so vulnerable?
• Sensible Authentication
• https://www.politie.nl/nieuws/2018/januari/16/00-slachtoffers-voor-7-miljoen-euro-dupe-van-microsoftscam.html