“Integrity” in the software security realm would ensure that the data, information, or knowledge involved in the production of the software-
- Exists (not null or unknown)
- Is consistent (no contradictions or ambiguity)
- Is correct (exact, and not inaccurate)
Each phase of the software development lifecycle requires integrity to make it reliable, secure, and resilient.
Best practices which involve integrity would include-
Best practices which involve integrity would include-
- accurate and precise gathering (and analysis) of requirements
- designing based on exhaustive use cases and data integrity best practices like hashing
- coding practices which have no “ambiguity in declaration and code usage, and behaviors that are unspecified or undefined” [1]
- integrity testing with test cases which check for overflows, infinite loops, data corruption, data loss, and dangling pointers [2]
- deployment – checksum verification, security certificates, and robust network configurations (if needed)
- maintenance – complete, accurate, and exhaustive documentation, version integrity, and clean upgrades (which don’t introduce new bugs, while trying to fix old ones)
References:
1. Goforth, A. (n.d.). The Role and Impact of Software Coding Standards On System Integrity. Retrieved from https://ti.arc.nasa.gov/publications/9471/download/
2. Walls, C. (2013, September 2). Software integrity testing. Retrieved from https://blogs.mentor.com/colinwalls/blog/2013/09/02/software-integrity-testing/