SecAppDev 2023 lecture details

How to avoid the top ten software security flaws

Only 50% of software security defects are bugs. The other half are flaws in the design. This session builds on work from IEEE, Google, Twitter, Harvard, and others to present the top 10 security flaws along with guidelines to avoid them.

Tuesday June 13th, 11:00 - 12:30
Room Lemaire

Software security defects come in two categories: bugs in the implementation and flaws in the design. Most commercial solutions focus on finding and fixing bugs, which is a much easier problem than finding and fixing flaws. But did you know that flaws account for half of commonly encountered security defects?

In this session, we introduce the top ten software security flaws, along with guidelines and best practices for avoiding them. This session is based on work from the IEEE Center for Secure Design, in concert with Google, Twitter, Harvard University, and others.

Key takeaway

A security top 10, but not as you know it. In this session, we explore the top 10 design flaws, along with guidelines on avoiding them in your applications.

Content level


Target audience

Software developers, architects, and AppSec professionals



Join us for SecAppDev. You will not regret it!

Gary McGraw

CEO, Berryville Institute of Machine Learning

Expertise: Software security, machine learning security, security engineering


SecAppDev offers the most in-depth content you will find in a conference setting