Libraries and frameworks

The vulnerability risk of an installed project is not just the sum of the unfixed security bugs in its own code: it also includes, recursively, the unfixed security bugs in every library and framework that code depends on, and in everything those dependencies depend on in turn.
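The following is an added example, not code from the original page, to make the "recursive sum" concrete. It walks a small constructed dependency graph (package names are hypothetical, and the advisory ids are placeholder labels, not real identifiers), records the path by which each transitive dependency is pulled in, and counts the unfixed advisories reachable from the top-level project. The point it shows is that a project with no advisories of its own can still carry several through transitive dependencies, and that the reported path is what tells you which direct dependency to update or replace.

```python
from collections import deque

# Constructed manifest: package -> direct dependencies (hypothetical names).
DEPENDENCIES = {
    "myapp": ["webframework", "dbclient"],
    "webframework": ["templating", "httpparser"],
    "templating": ["escapelib"],
    "dbclient": ["httpparser"],
    "httpparser": [],
    "escapelib": [],
}

# Constructed advisory data: package -> unfixed advisory labels.
# The labels are placeholders for this example, not real advisory ids.
ADVISORIES = {
    "httpparser": ["ADV-A"],
    "escapelib": ["ADV-B", "ADV-C"],
}


def transitive_dependencies(root, deps):
    """Return {package: path} for every package reachable from root.

    Breadth-first, so the recorded path is a shortest one; a package
    reached through several routes is listed once.
    """
    paths = {root: [root]}
    queue = deque([root])
    while queue:
        pkg = queue.popleft()
        for child in deps.get(pkg, []):
            if child not in paths:
                paths[child] = paths[pkg] + [child]
                queue.append(child)
    return paths


def exposure(root, deps, advisories):
    """Map each reachable package with unfixed advisories to (path, advisory labels)."""
    result = {}
    for pkg, path in transitive_dependencies(root, deps).items():
        if advisories.get(pkg):
            result[pkg] = (path, list(advisories[pkg]))
    return result


def direct_unfixed(root, advisories):
    """Advisories in the project's own code only (what a naive count sees)."""
    return len(advisories.get(root, []))


def total_unfixed(root, deps, advisories):
    """Advisories in the project plus all of its transitive dependencies."""
    return sum(len(labels) for _, labels in exposure(root, deps, advisories).values())


if __name__ == "__main__":
    for pkg, (path, labels) in exposure("myapp", DEPENDENCIES, ADVISORIES).items():
        print(f"{pkg}: {labels} via {' -> '.join(path)}")
    print("direct:", direct_unfixed("myapp", ADVISORIES))
    print("transitive:", total_unfixed("myapp", DEPENDENCIES, ADVISORIES))
```

Real software composition analysis tools do the same walk against a lockfile and an advisory database; the path output is the part worth keeping, because it answers "why is this package here at all".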

Using solid, security-relevant libraries can save development effort and establish a well-understood baseline of security. When a security problem is found, the fix can often be made once, in the library, rather than through wholesale changes across the application code. Consider using safe string-handling libraries, parametrised query mechanisms, input validation frameworks, and well-defined API schemas. The benefit depends on knowing which library versions are actually in use and updating them promptly when a fix is published; an unpatched library is itself one of the dependencies counted above.
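As an added example (not code from the original page), here is the parametrised-query point side by side with the pattern it replaces, using Python's standard sqlite3 module against a constructed in-memory table. `lookup_unsafe` builds the query by string concatenation, `lookup_parametrised` binds the value through the driver's placeholder mechanism, and `lookup_validated` puts an allow-list check in front of it. The table rows, the username pattern and the function names are assumptions for this example.

```python
import re
import sqlite3


def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_unsafe(conn, name):
    """String concatenation: whatever is in name becomes part of the SQL text."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_parametrised(conn, name):
    """Placeholder binding: the driver passes name as data, never as SQL.

    The quote characters in a hostile value are compared literally against
    the column, so the attacker can only match a user whose name really
    contains them.
    """
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)


# Allow-list for usernames (assumed policy for this example): lowercase
# letters, digits and underscore, starting with a letter, at most 32 chars.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")


def lookup_validated(conn, name):
    """Validation in front of the parametrised query.

    Rejects rather than sanitises: a value that does not fit the expected
    shape is an error, not something to be cleaned up and passed on.
    """
    if not USERNAME_RE.fullmatch(name):
        raise ValueError("invalid username")
    return lookup_parametrised(conn, name)


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("unsafe:", lookup_unsafe(db, payload))            # both users leak
    print("parametrised:", lookup_parametrised(db, payload))  # no match
    try:
        lookup_validated(db, payload)
    except ValueError as exc:
        print("validated:", exc)
```

The validation layer is not what stops the injection; the parameter binding is. Validation earns its place by rejecting malformed input before it reaches any code path, including ones that might not use the safe library.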

