Secure-by-design and secure-by-default principles, use of memory-safe programming languages where possible, and secure programming practices are used as part of application development.
Topic
Secure software design and development
Applicable to
all
History
Priority
should
Mar 2023
Secure-by-design and secure-by-default principles, use of memory-safe programming languages where possible, and secure programming practices are used as part of application development.
An existing control relating to ‘secure-by-design principles and secure programming practices’ being used as part of application development was amended to ‘secure-by-design and secure-by-default principles, use of memory-safe programming languages where possible, and secure programming practices’.
Mar 2022
Secure-by-design principles and secure programming practices are used as part of application development.
Miscellaneous changes were made to rationale and recommendations throughout the publication to clarify content without changing intent. This included a review from the Guidelines for System Hardening chapter through to the Guidelines for Data Transfers chapter.
Oct 2019
Platform-specific secure programming practices are used when developing software, including using the lowest privilege needed to achieve a task, checking return values of all system calls, validating all inputs and encrypting all communications.
Security control 0401 was modified to include the recommendation to encrypt all communications.
Sep 2019
Platform-specific secure programming practices are used when developing software, including using the lowest privilege needed to achieve a task, checking return values of all system calls and validating all inputs.
2015
Software developers should use secure programming practices when developing software,including:• designing software to use the lowest privilege level needed to achieve its task• denying access by default• checking return values of all system calls• validating all inputs• following secure coding standards.
2010
Agencies should ensure that software developers use secure programming practices when writing code,including:••••designing software to use the lowest privilege level needed to achieve its taskdenying access by defaultchecking return values of all system callsvalidating all inputs.
2008
Agencies should ensure that software developers use secure programming practices when writing code, including: a. designing software to use the lowest privilege level needed to achieve its task b. denying access by default c. checking return values of all system calls d. validating all inputs.