Official website of the Department of Homeland Security
Build Security In. Setting a higher standard for software assurance.

Assume that Human Behavior Will Introduce Vulnerabilities into Your System

Published: June 26, 2013

Author(s): William L. Fithen
Maturity Levels and Audience Indicators: L4 / D/P
SDLC Life Cycles: Implementation
Copyright: Copyright © Carnegie Mellon University 2005-2012.

Abstract

People introduce vulnerability.

Description

This is the superclass of guidelines related to human behavior. It is presently a placeholder. We have not defined any subsidiary guidelines and, for the present, do not intend to. It is meant to make clear the dichotomy between technologically and socially related advice.

Note that the existence of this class is predicated on the assumption that the "system" under discussion does include the humans who use it.

There is a distinction between behavior of the "good guys" and the "bad guys." We do not regard adversary behavior as falling under this class. This class covers what might be called "inappropriate" good guy behavior, sometimes called "abuse." Adversarial behaviors are covered in an entirely different group of documents called "attack patterns."

