wooooo! awesome beginning quote: "Out of the crooked timber of humanity, no straight thing can ever be made." - Immanuel Kant

so far, i think this is the best book i've read.

- Program organization
- Change strategy
- Buy versus build decisions
- Major data structures
- Key algorithms
- Major objects
- Generic functionality
- Error processing (corrective or detective)
- Active or passive robustness
- Fault tolerance

rules of security architecture:

- Start by asking questions
- Select a destination before stepping on the gas
- Decide how much security is "just enough"
- Employ standard engineering techniques
- Identify your assumptions
- Engineer security in from day one
- Design with the enemy in mind
- Understand and respect the chain of trust
- Be stingy with privileges
- Test any proposed action against policy
- Build in appropriate levels of fault tolerance
- Address error-handling issues appropriately
- Degrade gracefully
- Fail safely
- Choose safe default actions and values
- Stay on the simple side
- Modularize thoroughly
- Don't rely on obfuscation
- Maintain minimal retained state
- Adopt practical measures users can live with
- Make sure some individual is accountable
- Self-limit program consumption of resources
- Make sure it's possible to reconstruct events
- Eliminate "weak links"
- Build in multiple layers of defense
- Treat an application as a holistic whole
- Reuse code known to be secure
- Don't rely on off-the-shelf software for security
- Don't let security needs overwhelm democratic principles
- Remember to ask, "What did I forget?"

author says goal should be for software to be "just secure enough": "A good theory," he said, "should be as simple as possible - but no simpler."

"To have a realistic chance of building software that cannot easily be subverted, you must not think of your application as being merely the compiled lines of code in front of you. You must, rather, adopt the notion of a holistic application system. If you don't look at the entire set of components engaged during the execution of the application (including the server operating system, any supporting software, the network environment, and especially the real-life operations factors we've stressed so much), then whatever security measures you choose to adopt will eventually be surmounted by an attacker who does look at things that way. If you do adopt this holistic view and successfully apply the principles we've presented throughout this book, your software will have a fighting chance to withstand the kinds of attacks that it must face today and, we believe, well into the future."
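A small illustration of four of the rules in the list above, "Test any proposed action against policy", "Choose safe default actions and values", "Fail safely" and "Self-limit program consumption of resources". This is an example added to these notes, not code from the book; the policy table, the `Request` fields, the `Guard` class and the two limits are all invented for the demonstration.

```python
"""Added example: a request guard that defaults to deny, checks every
action against an explicit policy, fails closed on internal errors, and
bounds the work it will do per principal and per request.

The policy, actions and limits below are invented for illustration.
"""
from dataclasses import dataclass

# Invented policy: (role, action, resource_class) triples that are allowed.
# Anything not listed here is denied: the safe default is "no".
POLICY = {
    ("admin", "delete", "report"),
    ("admin", "read", "report"),
    ("analyst", "read", "report"),
}

MAX_PAYLOAD_BYTES = 4096        # self-limit: bound what one request may carry
MAX_REQUESTS_PER_PRINCIPAL = 3  # self-limit: bound work done for one principal


@dataclass
class Request:
    principal: str
    role: str
    action: str
    resource_class: str
    payload: bytes = b""


class Guard:
    def __init__(self, policy=POLICY):
        self._policy = policy
        self._seen = {}  # principal -> number of requests handled so far

    def _policy_allows(self, req):
        # A role that appears nowhere in the policy is a configuration
        # error. It is raised, not silently treated as "allowed", so that
        # decide() below fails closed.
        if req.role not in {role for role, _, _ in self._policy}:
            raise LookupError(f"unknown role {req.role!r}")
        return (req.role, req.action, req.resource_class) in self._policy

    def decide(self, req):
        """Return (allowed, reason). Starts from deny and only flips to
        allow when every check passes; any exception also means deny."""
        allowed, reason = False, "default deny"
        try:
            if len(req.payload) > MAX_PAYLOAD_BYTES:
                return False, "payload exceeds limit"
            count = self._seen.get(req.principal, 0) + 1
            self._seen[req.principal] = count
            if count > MAX_REQUESTS_PER_PRINCIPAL:
                return False, "request budget exhausted"
            if self._policy_allows(req):
                allowed, reason = True, "policy match"
            else:
                reason = "no policy entry"
        except Exception as exc:  # fail safely: an error is never an allow
            allowed, reason = False, f"fail closed: {exc}"
        return allowed, reason


if __name__ == "__main__":
    guard = Guard()
    # Constructed sample requests, not real traffic.
    for req in (
        Request("alice", "analyst", "read", "report"),
        Request("alice", "analyst", "delete", "report"),
        Request("bob", "admin", "delete", "report", b"x" * 5000),
        Request("mallory", "guest", "read", "report"),
    ):
        print(req.principal, req.action, "->", guard.decide(req))
```

The point of the structure is that the "allow" branch is the only place where `allowed` becomes true; a thrown exception, a missing policy entry, an oversized payload or an exhausted budget all land on the deny path without any extra code having to remember to deny.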