
Note: This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Assume that Human Behavior Will Introduce Vulnerabilities into Your System

Published: June 26, 2013

Author(s): William L. Fithen

Maturity Levels and Audience Indicators: L4 / D/P

SDLC Life Cycles: Implementation

Copyright: Copyright © Carnegie Mellon University 2005-2012.

Abstract

People introduce vulnerability.

Description

This is the superclass of guidelines related to human behavior. It is presently a placeholder. We have not defined any subsidiary guidelines and, for the present, do not intend to. It is meant to make clear the dichotomy between technologically and socially related advice.

Note that the existence of this class is predicated on the assumption that the "system" under discussion does include the humans who use it.

There is a distinction between behavior of the "good guys" and the "bad guys." We do not regard adversary behavior as falling under this class. This class covers what might be called "inappropriate" good guy behavior, sometimes called "abuse." Adversarial behaviors are covered in an entirely different group of documents called "attack patterns."

