Software Security

1 - About

Security covers many subject areas around user management, such as:

  • authentication (user/password) and its method (ldap, table, …)
  • authorization (group, privileges and role, object and information access)

Provide mechanism rather than policy. In particular, place user interface policy in the client's hands.

Shorthand guide:

3 - Principles

Kerckhoffs's principle: A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

4 - Characters

Alice and Bob are fictional characters commonly used as placeholder names in cryptology.

5 - Illustrations

The most effective picture to explain software security.

Everything I try to teach my freshman about security, in one photo:

6 - Data Lost

7 - First Rule

8 - Security / Privacy


9 - Security and bug

The security industry is largely obsessed by finding (and selling / using / patching / reporting / showcasing / stockpiling / detecting / stealing) these “dangerous/useful” variety of bugs. And this obsession is continually fulfilled because bugs keep happening – which is just the nature of software development


Jason A. Donenfeld. See the reply from Linus Torvalds (Tue, 21 Nov 2017) - [GIT PULL] usercopy whitelisting for v4.15-rc1

10 - Documentation / Reference

security/security.txt · Last modified: 2018/04/18 16:52 by