Because of the importance of security, if a system has high security, the raw and processed information and data will be preserved in it. On the other hand, the system is protected from worms and hackers.

For developers and app designers, internet service companies and so on,

security is important for computer system of all fields in computer sciences.

Worldwide all the people need the security for their system.

These 2 websites are what I could find. Hopefully, this helps and seems to have a ton of information regarding your question.

www.cshub.com/whitepapers

Because of the importance of security, if a system has high security, the raw and processed information and data will be preserved in it. On the other hand, the system is protected from worms and hackers.

For developers and app designers, internet service companies and so on,

security is important for computer system of all fields in computer sciences.

Worldwide all the people need the security for their system.

Elika Daghighi : Thanks for your answer. I am totally understand the importance of security and as I am having a security background for me their importance is obvious. I know that best practices are by definition believed to be secure and I am looking for some paper that formally verify and prove security.

Michael Marquez : Thanks for the link, I am going to check it out.

Hermann Gruenwald : I am totally agree, but I am looking for some papers that prove this by using formal or other verification methods. For example, in case of OAuth there is the following article that proved the role of BCPs in securing the system by using formal analysis: "The Web SSO Standard OpenID Connect: In-Depth Formal Security Analysis and Security Guidelines"

Dear Amir Sharif ,

Software security isn’t simply plug-and-play. Our top 10 software security best practices show you how to get the best return on your investment.

https://www.synopsys.com/blogs/software-security/top-10-software-security-best-practices/

Regards,

Shafagat

Dear Shafagat Mahmudova

Thanks for your help and the nice article you shared.

Amir

I see as one corner stone the enforcement of "secure by design (SBD)" principals. A combination with "privacy by design" or secure code review in your software developement cycle can help you to establish your best practice.

Dear Jan Loeschner ,

Thanks for bringing up this fundamental point. Secure by design principal is one of the most important concept that is missing mostly in SDLC. However, I found some interesting research papers that I would like to share:

• Building High Assurance Secure Applications using Security Patterns for Capability-Based Platforms
• Applicability of Security Patterns
• The creation of ‘best practice’ software: Myth, reality and ethics
• Using Security Patterns to Develop Secure Systems

Patch your software and systems Many attackers exploit known vulnerabilities associated with old or out-of-date software. To thwart common attacks, ensure that all your systems have up-to-date patches. Regular patching is one of the most effective software security practices.. https://www.synopsys.com/blogs/software-security/top-10-software-security-best-practices/amp/

Computer security is important because it keeps your information protected. It's also important for your computer's overall health; proper computer security helps prevent viruses and malware, which allows programs to run quicker and smoother. https://blog.onsharp.com/the-importance-of-computer-security

With the growth of software flaws there is a rise in the demand of security embedding to achieve the goal of secure software development in a more efficient manner. Different practices are in use to keep the software intact. These practices also meant to be scrutinized for better results on the basis of the level of security, efficiency and complexity they are providing. It may also be weighted on the basis of Confidentiality, Integrity and Availability (CIA). Software security is a step by step procedure which can not be achieved just at a specific level but it should be taken into account from the beginning of the Software Development Life Cycle (SDLC). https://www.researchgate.net/publication/237403607_Best_practices_for_software_security_An_overview

Dear Amir Sharif ,

thank you for suggesting reading on security patterns and their role in the software developement cycle. It reminds me of an other related aspect, which I have seen in several security assessments: The combination of secure componenets in a system does not neccesarely lead to a secure system. I would always insist in a security assessment of the final production system! If your system is a secure software system then you need to validate on the production system to which extend all your develpopement measures taken really lead to the objective of having a secure final system.

Dear Jan Loeschner

Thanks again for the insights that you brought, actually what you mentioned it was the first reason that I bring to my mind the question with regard to the best practices. Best practices are by definition believed to be secure, but I didn't see a lot of research papers on proving the security by integrating the best practices. In my specific filed (Identity management) I saw papers that formally proved that the application of best practices, but I noticed few papers in general software engineering. The second point that I want to highlight is that I am agree with you that it is important to validate the production system, but I expect less security problem when you put aside secure components.