SCP [213] Cornucopia - General Coding Practices added to Security Frameworks and Libraries

SCP [213] Implement safe updating. If the application will utilize automatic updates, then use cryptographic signatures for your code and ensure your download clients verify those signatures. Use encrypted channels to transfer the code from the host server

ref: https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/assets/docs/OWASP_SCP_Quick_Reference_Guide_v21.pdf

2.1.13 Doesn't cover using cryptographic signatures when updating code which is considered best practice when updating frameworks and libraries safely.

ref: https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/
ref: https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/

**I am suggesting that we add:** 

Use cryptographic signatures when updating your code and ensure the package manager verify those signatures.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

SCP [213] Cornucopia - General Coding Practices added to Security Frameworks and Libraries #121

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

SCP [213] Cornucopia - General Coding Practices added to Security Frameworks and Libraries #121

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions