Don't Throw It All Away

One final piece of advice: All the planning that happens during the design phase will be for naught if it isn't communicated to the developers implementing and testing the code. Remember that this includes people who might be brought in much later in the product life cycle—people who have no prior knowledge of the security protocols being used.

It's obviously essential to document the design philosophy from the security perspective, as well as the specific protocols being used (the use of choke-point handles, for instance). But developers are notoriously bad at reading documentation, so extra effort is needed.

The most important information should be included with the sort of materials used to bring developers up to speed ...
