- Name: Security
- Reference Number: 0007
- Parent: N/A
- Children: N/A
- Category: Execution Qualities
Table of Contents:
Security is the protection of the system from theft, leaking of data, and disruption/misdirection of services.
- When a developer wants to check the open source projects used in the framework, they can review the software inventory to determine whether their project is at risk for a given security issue
- When compiled with the following settings, zero warnings will be produced:
-Wall -Wextra -pedantic
- When static analysis is run on framework components, no errors should be reported
CI Server test cases:
- Unauthorized users should not be able to login to the CI server
- Unauthorized users should not be able to view CI server status
- Authorized users should only see a project if they have the correct permissions
- Only administrators can modify CI server settings
N/A
IoT devices are frequently riddled with security holes, buffer overflows, and lack of encryption. The framework should provide developers with the tools needed to create a secure program design.
N/A
Security is related to Resilience and Robustness. The framework can operate under a wider variety of conditions if it handles security issues reliably.
XN (Execute Never) marks certain areas of memory as non-executable and was introduced in ARMv6. This is the least you can do against Buffer Overflows. It shouldn’t be the only enabled mitigation, but heck, that’s the least you should do.