Vulnerabilities Arise During All Phases of the Software Process
- Project Planning Examples:
  - Inadequate risk management
  - Inadequate resource allocation
- Product Design Examples:
  - A GUI that encourages "bad behavior"
  - Ease of use vs. security tradeoffs
- Engineering Design Examples:
  - Failure to consider capture-and-replay attacks
  - Failure to consider covert timing channels
- Implementation Examples:
  - API/Protocol abuse
  - Error handling vulnerabilities
  - Input validation vulnerabilities
- Deployment, Support and Maintenance Examples:
  - Network configuration vulnerabilities
  - Missing patches/updates