Software Security and Integrity


Integrity” in the software security realm would ensure that the data, information, or knowledge involved in the production of the software-
  • Exists (not null or unknown)
  • Is consistent (no contradictions or ambiguity)
  • Is correct (exact, and not inaccurate)
Each phase of the software development lifecycle requires integrity to make it reliable, secure, and resilient.
Best practices which involve integrity would include-
  • accurate and precise gathering (and analysis) of requirements
  • designing based on exhaustive use cases and data integrity best practices like hashing
  • coding practices which have no “ambiguity in declaration and code usage, and behaviors that are unspecified or undefined” [1]
  • integrity testing with test cases which check for overflows, infinite loops, data corruption, data loss, and dangling pointers [2]
  • deployment – checksum verification, security certificates, and robust network configurations (if needed)
  • maintenance – complete, accurate, and exhaustive documentation, version integrity, and clean upgrades (which don’t introduce new bugs, while trying to fix old ones)
References:
1. Goforth, A. (n.d.). The Role and Impact of Software Coding Standards On System Integrity. Retrieved from https://ti.arc.nasa.gov/publications/9471/download/
2. Walls, C. (2013, September 2). Software integrity testing. Retrieved from https://blogs.mentor.com/colinwalls/blog/2013/09/02/software-integrity-testing/