Title :
Considering defense in depth for software applications
Author_Institution :
Air Force Res. Lab., Wright-Patterson AFB, OH, USA
Abstract :
Despite efforts to develop processes and technologies that enhance software application security, to date, no one has found a "silver-bullet" solution or set of solutions that solve this complex problem - and there don\´t appear to be any on the horizon. As a result, perhaps researchers and developers should consider a defense-in-depth strategy and determine if it provides a more resilient and cost-effective approach to application security than a single line of defense. The best defense-in-depth strategy for software source and binary code would intertwine application defenses in such a manner that each defensive technique interlocks with and supports all the others. Of necessity, this conceptualization for interlocking defense Would not relieve the development team of the need to maintain best practices for secure software development and software development in general.
Keywords :
security of data; software engineering; application defenses; application security; best practices; binary code; cyberworld; defense-in-depth strategy; development team; interlocking defense; secure software development; software application security; software applications; software source code; Application software; Biosensors; Computer architecture; Computer security; Data analysis; Performance analysis; Privacy; Protection; Software performance; Visualization;
Journal_Title :
Security & Privacy, IEEE
DOI :
10.1109/MSECP.2004.1264860
