Avoiding the top 10 software security design flaws is a document published by the IEEE Computer Society Center for Secure Design as part of the IEEE Computer Society cybersecurity initiative. The Center intends to shift some of the focus in security from finding bugs to identifying common design flaws, in the hope that software architects can learn from others’ mistakes.
At a workshop in early 2014, participating experts arrived at a list of what they felt were the top security design flaws. Many of the flaws that made the list have been well known for decades but continue to persist. The Avoiding the top 10 software security design flaws document is the result of that discussion and explains how to avoid the top 10 security flaws. In this document, a group of software security professionals have contributed both real-world data and expertise to identify some of the most significant design flaws that have led to security breaches over the past several years. The list of issues presented here is focused entirely on the most widely and frequently occurring design flaws
Because the authors, contributors, and publisher are eager to engage the broader community in open discussion, analysis, and debate regarding a vital issue of common interest, this document is distributed under a Creative Commons BY-SA license.