r55 - 05 Dec 2007 - 21:54:20 - HeikkiToivonen

Chandler Security

Security is a subset of quality. Security must be built in, because adding it in later is costly and will likely not provide very good security. A bug in any part of the application may be a security vulnerability, so everyone is responsible for writing secure code.


  • HeikkiToivonen

Project Overview

The Chandler security project encompasses everything from identifying the security threats we need to protect against to the technologies we will use to counter them: cryptography, access control, and secure software development methodologies and best practices. We also lump privacy with security. Finally, there is a policy and plan for security response when things go wrong.

Recommended Reading

  • Building Secure Software: How to Avoid Security Problems the Right Way by John Viega and Gary McGraw, ISBN 020172152X. Book site 1.
  • Writing Secure Code, 2nd Edition by Michael Howard and David LeBlanc, ISBN 0-7356-1722-8. Errata
  • 19 Deadly Sins of Software Security by Michael Howard, David LeBlanc and John Viega, ISBN 0-07-226085-8.

  • Secure Programming Cookbook for C and C++ by John Viega and Matt Messier, ISBN 0-596-00394-3. Book site 1. Errata.

  • Practical Cryptography by Niels Ferguson and Bruce Schneier, ISBN 047122894X. Book site 1
  • Network Security with OpenSSL by John Viega, Matt Messier and Pravir Chandra, ISBN 059600270X. Book sites 1, 2.
  • SSL and TLS by Eric Rescorla, ISBN 0-201-61598-3. Book site 1. Errata.

Historical references of interest

  • Search all Chandler wiki pages that contain regexp "encrypt|auth|identit|securit|decrypt|access|acl"
  • Search all Jungle wiki pages that contain regexp "encrypt|auth|identit|securit|decrypt|access|acl"
  • Search all Journal wiki pages that contain regexp "encrypt|auth|identit|securit|decrypt|access|acl"
  • Search all Main wiki pages that contain regexp "encrypt|auth|identit|securit|decrypt|access|acl"
Open Source Applications Foundation
Except where otherwise noted, this site and its content are licensed by OSAF under a Creative Commons License, Attribution Only 3.0.
See list of page contributors for attributions.