Reuse

From The Secure Arc Wiki

Jump to: navigation, search

Contents

Assertion

Existing security controls should be given preference over custom solutions

Rationale

Secure software is hard. The largest, most experienced and deep pocketed software developers in the world, both commercial and open source, are constantly patching security vulnerabilities in software that has been in the wild and hardened over many years. It is arguably implausible for developers of a particular system to invent and deliver a security solution that is as good as or better than an off-the-shelf solution. Add to that the need to fully and clearly document how the custom security solution works for maintainers of the software and new developers to comprehend, maintain and extend the solution and the cost of training up those resources.

Further detailed information is available on Wikipedia.

Related References

Policies & Standards

Design Patterns

Navigation

Personal tools