Why secure applications are difficult to write

摘要

The author categorizes application security concerns into four specific issues: input streams, output production, internal data, and algorithms and computation. The first two concerns - input and output - are related to the environment in which applications execute. The last two - data and algorithms - are related to an application's awareness of its own internal secrets. Those secrets could be the data an application stores or the algorithm it uses to perform its work. All four issues relate to awareness: secure software must always be aware of what is going on, both inside its perimeter and out to respond effectively to malicious threats.