Security regroups many subject area.
The most known are:
- Identity management with:
- Crypto with:
- output encoding
Provide mechanism rather than policy. In particular, place user interface policy in the clients hands
The most effective picture to explain software security.
Everything I try to teach my freshman about security, in one photo:
Data Lost or downtime. http://www.emc.com/microsites/emc-global-data-protection-index/index.htm
Security / Privacy
Security and bug
The security industry is largely obsessed by finding (and selling / using / patching / reporting / showcasing / stockpiling / detecting / stealing) these “dangerous/useful” variety of bugs. And this obsession is continually fulfilled because bugs keep happening – which is just the nature of software development –