Writing Secure Code

There are several things to watch out for:

• A process sending output to users that comes from the OS or the run-time environment

• Operations on secret data that dont complete in a fixed amount of time, where the time is dependent on the makeup of the secret data

• Accidental use of sensitive information

• Unprotected or weakly protected sensitive or privileged data

• Sensitive data sent from a process to potentially low-privileged users

• Unprotected and sensitive data sent over insecure channels