HOWTO write more secure free/open source software
Having recently conducted a security audit of several free/open source software programs for the Electronic Frontier Foundation, Chris Palmer and Dan Auerbach have published some guidelines for improving security in free/open software:
Avoid giving the user options that could compromise security, in the form of modes, dialogs, preferences, or tweaks of any sort. As security expert Ian Grigg puts it, there is “only one Mode, and it is Secure.” Ask yourself if that checkbox to toggle secure connections is really necessary. When would a user really want to weaken security? To the extent you must allow such user preferences, make sure that the default is always secure.
Guidelines for Securing Open Source Software [eff.org]
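As an added illustration of the “only one Mode” point (example code, not part of the post or of the EFF guidelines), using Python's standard ssl module: a connection-settings builder driven by a hypothetical `secure_connections` preference sits beside one that no preference can weaken, plus an audit check a reviewer can run on any context the application builds.

```python
import ssl

# Constructed sample of a persisted preferences file. The key name
# "secure_connections" is hypothetical; the point is that once such a
# toggle exists, anyone who can edit the file can silently disable TLS
# certificate checking for the user.
LEGACY_PREFS = {"secure_connections": False}


def context_with_toggle(prefs):
    """Anti-pattern: a user preference decides whether certificates are verified."""
    ctx = ssl.create_default_context()
    if not prefs.get("secure_connections", True):
        # check_hostname must be cleared before verify_mode can be CERT_NONE
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def secure_context(prefs=None):
    """'Only one Mode': prefs is accepted for API compatibility and ignored.

    create_default_context() already enforces certificate verification and
    hostname matching; the protocol floor is pinned here so that old TLS
    versions are not something a preference can select either.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def is_secure(ctx):
    """Audit check: verification on, hostname matching on, modern TLS floor."""
    return (
        ctx.verify_mode == ssl.CERT_REQUIRED
        and ctx.check_hostname
        and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
    )
```

Running `is_secure` over every context the application constructs, for each reachable preference combination, is a cheap regression test that the “secure by default” property survives future changes.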