Skip to main content

Designing for Security

Ideally, thinking of security at the start of a project will mean more hard decisions and discussions and work up front, but a better implementation and product in the end. Like so much of software engineering, it's a team sport and an infrequently included group in security discussions are the designers, like the folks doing Human Centered Design (HCD or UCD), User Experience (UX) or whomever in your world takes care of designing the parts of the system the users touch.

They can help a lot with designing security into a product and setting a cyber security mindset. The article on linked in (https://www.linkedin.com/pulse/designing-security-lindsay-morsillo/) looks at this in more detail (7-10 minutes to read).


Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

Unit Testing - What to Test

This I wrote to answer a question that came up when we were discussing our software process and I was training developers on how to unit test. It seems a simple enough question, but I kept pondering it and delving deeper until I realized I needed to write this monograph. What unit tests should we write? How do we know what to test? Ideally, unit tests should cover every path through the code. It should be your chance to see every path through your code works as expected and as needed. If you are practicing Test Driven Development then it's implied everything gets a test. In the real world, you might not be allowed to test everything - for instance, if the testing suite ends up taking a week to run, then the world will have changed by the time it finishes and the test results will be obsolete. Unit testing at it's basic is testing an object, a method - the smallest unit of your code that it can test independently. It should test the inputs "goes into" an...
Post a Comment
Read more

JavaScript and JQuery Palettes...

I have been immersing myself in the world of d3js and more, specifically Plotly.js . This has required me to look at palettes, and to create some palettes - which I did with Paletton . I find it tedious, so I am creating some helpers, like the code below which displays a given list of palettes (each of which is simply an array of colors in your favorite format). <table id="Palette"> <tbody></tbody> </table> <script> var defaultColorsPalette = ["#ffd99a", "#225ea8", "#ffc09a", "#9dc4f4", "#ffbf58", "#ffdb58", "#257294", "#ff9658", "#61a1f3", "#ffa719", "#ffce19", "#ff6e19","#ffe99a", "#2a82f2", "#ff9e00", "#ffc900", "#ff5f00", "#036bf0" ]; //via colorweb2 var sequentialMultihueBlueYellowPalette = ["#ffffd9", "#edf8b1", "#c7e9b4",...
Post a Comment
Read more

It's all broken...

So, Scott Hanselman struck a chord again:  Everything's broken and nobody's upset . The worst part is I can see that I'm part of the problem on both sides . I've excused many problems with software - shrugging as I restart the software or reboot. I save my anger for those occasions where I fell I've lost serious work and substantial time. Other than that I accept problems, glitches, crashes as "the cost of doing business". I believe it's actually because I've amused myself and earned a living creating software, that I am able to accept what's often pitiable quality. I've spent time working on systems that are not much more than breadboards with wires cascading from it, where getting something, anything to work was a huge accomplishment. But that was then and this is now. No way would I put up with a car that suffers from numerous small problems as today's software can. And putting these two thoughts together, it's now frightening ...
2 comments
Read more