Software security: Build security
Security by design has nothing to do with chance: it's a matter of skill and knowledge across multiple fields. Secure development is always context-related. Whatever the project, security has to factor in what the system does and what it's used for. A web server authentication module won't be developed the same way as a pacemaker.
Cryptography, another essential aspect of modern security, calls for different skills and knowledge from those used in classic security, from underlying mathematical theory to implementation. Random number generators and protocol modes hold critical importance and require special attention. A minor error can have major impact on the whole design.
Though software design differs considerably from offensive security, both skills are essential in producing effective results:
- Review and design of cryptography associated with the software and hardware used
- Design and development of security libraries (secure protocols, for example)
- Robust code design
- Secure source code management