Chandler Security

Security is a subset of quality. Security must be built in, because adding it in later is costly and will likely not provide very good security. A bug in any part of the application may be a security vulnerability, so everyone is responsible for writing secure code.

People

  • HeikkiToivonen

Project Overview

The Chandler security project encompasses everything from identifying security threats we need to protect against and technologies we will use to counter the threats: cryptography, access control and secure software development methodologies and best practices. We also lump privacy with security. Finally there is a policy and plan for security response when things go wrong.

Recommended Reading

  • Building Secure Software: How to Avoid Security Problems the Right Way by John Viega and Gary McGraw, ISBN 020172152X. Book site 1.
  • Writing Secure Code, 2nd Edition by Michael Howard and David LeBlanc, ISBN 0-7356-1722-8. Errata
  • 19 Deadly Sins of Software Security by Michael Howard, David LeBlanc and John Viega, ISBN 0-07-226085-8.

  • Secure Programming Cookbook for C and C++ by John Viega and Matt Messier, ISBN 0-596-00394-3. Book site 1. Errata.

  • Practical Cryptography by Niels Ferguson and Bruce Schneier, ISBN 047122894X. Book site 1
  • Network Security with OpenSSL by John Viega, Matt Messier and Pravir Chandra, ISBN 059600270X. Books site 1, 2
  • SSL and TLS by Eric Rescorla, ISBN 0-201-61598-3. Book site 1. Errata.


Historical references of interest

  • Search all Chandler wiki pages that contain regexp "encrypt|auth|identit|securit|decrypt|access|acl"
  • Search all Jungle wiki pages that contain regexp "encrypt|auth|identit|securit|decrypt|access|acl"
  • Search all Journal wiki pages that contain regexp "encrypt|auth|identit|securit|decrypt|access|acl"
  • Search all Main wiki pages that contain regexp "encrypt|auth|identit|securit|decrypt|access|acl"
PageInfo
PageType HomePage
MaintainedBy HeikkiToivonen
PageStatus Work in progress -- this page is still being drafted?
Trash.CommentsWelcome2 Feel free to contribute comments?
This topic: Projects > DevelopmentHome > SecurityFramework
History: r54 - 05 Jul 2007 - 13:56:13 - HeikkiToivonen
 
Except where otherwise noted, this site and its content are licensed by OSAF under an Creative Commons License, Attribution Only 3.0.
See list of page contributors for attributions.