SecurEth Guidelines
PlanningDevelopmentAuditRelease
Search…
v0.2.1
Introduction
Getting Started
Examples
Project Planning
System Description
Development Plan
Architecture
Preliminary Audit
Development
Software Requirements
Testing
Traceability
Managing Changes
Peer Reviews
Security Audit
Preparing for an Audit
Audit Prep Report
Test Results
Audit Revisions
Final Report
Network Release
Maintaining Your Project
Deployment Plan
Mitigation Plan
Incident Response
Tools
Tools for Secure Design
Creating Tools
Qualifying Tools
Tool Reports
Existing Tools
Access Controls
Access Controls Section
Contributing
Guideline Revision Process
Powered By GitBook
Tools for Secure Design
Tools are an extremely useful part of the toolset for Developers and Auditors alike to work with code meant for production environments. Tools can reduce human error and speed up development efforts, as well as increase uniformity and optimize code.
It is important however to realize that tools can also abstract away critical review processes that humans typically do, which may lead to scenarios where mistakes are missed and unknown vulnerabilities are added to your code or abstracted out of the design review and testing processes.
Therefore, tools themselves need to follow concrete rules about their operation if they assist in the design or verification process of production code. They should always err on the side of caution, only proceeding with removing human interaction if there is a complete guarantee that it does not introduce new errors, or conceal existing ones.
You should follow the Guidelines for any tool development, add documentation about the Qualification Status of your tool, and finally create a template for a Tool Report.

Got a comment? Check out our Gitter Channel!
Copyright and related rights waived via CC0
Network Release - Previous
Incident Response
Next - Tools
Creating Tools
Last modified 3yr ago
Copy link
Contents