JPCERT/CC ソフトウエア設計工程における脆弱性低減対策「セキュアデザインパターン」(英語版)に新たに 6つのパターンを追加

　こんにちは，丸山満彦です。JPCERT/CCがソフトウエア設計工程における脆弱性低減対策「セキュアデザインパターン」(英語版)に新たに 6つのパターンを追加した公表していますね。。。
　

　
■JPCERT/CC
・2009.11.04 ソフトウエア設計工程における脆弱性低減対策「セキュアデザインパターン」(英語版)に新たに 6つのパターンを追加しました
　・・ソフトウエア設計工程における脆弱性低減対策 「セキュアデザインパターン」(2009年10月更新：英語版)

新たに追加されたところは，下線の部分です。。。

●Architectural-level patterns
　 Distrustful Decomposition
　 PrivSep (Privilege Separation)
　 Defer to Kernel

●Design-level patterns
　 Secure Factory
　 Secure Strategy Factory
　 Secure Builder Factory
　 Secure Chain of Responsibility
　 Secure State Machine
　 Secure Visitor

●Implementation-level patterns
　 Secure Logger
　 Clear Sensitive Information
　 Secure Directory
　 Pathname Canonicalization
　 Input Validation
　 Resource Acquisition Is Initialization

＝＝＝＝＝
Architectural-level patterns.
　Architectural-level patterns focus on the high-level allocation of responsibilities between different components of the system and define the interaction between those high-level components.

Design-level patterns.
　Design-level patterns describe how to design and implement pieces of a high-level system component, that is, they address problems in the internal design of a single high-level component, not the definition and interaction of high-level components themselves.

Implementation-level patterns.
　Implementation-level patterns address low-level security issues. Patterns in this class are usually applicable to the implementation of specific func-tions or methods in the system. Implementation-level patterns address the same problem set addressed by the CERT Secure Coding Standards [CERT 2009a] and are often linked to a corresponding secure coding guideline.
＝＝＝＝＝

Comments

firefox だと箇条書きレベル2のマークが化ける．なんでだろう．

Posted by: g | 2009.11.09 at 08:18