Writing Secure Code

Do define who should have access to what error and status information data.

Do use operating system defenses such as ACLs and permissions.

Do use cryptographic means to protect sensitive data.

Do not disclose system status information to untrusted users.

Do not provide high-precision time stamps alongside encrypted data. If you need to provide them, remove precision and/or stick it in the encrypted payload (if possible).

Consider using other less commonly used operating system defenses such as file-based encryption.

Consider using cryptography implementations explicitly hardened against timing attacks.

Consider using the Bell-LaPadula model, preferably through a preexisting mechanism.