Abstract

Despite efforts to develop processes and technologies that enhance software application security, to date, no one has found a "silver-bullet" solution or set of solutions that solve this complex problem - and there don't appear to be any on the horizon. As a result, perhaps researchers and developers should consider a defense-in-depth strategy and determine if it provides a more resilient and cost-effective approach to application security than a single line of defense. The best defense-in-depth strategy for software source and binary code would intertwine application defenses in such a manner that each defensive technique interlocks with and supports all the others. Of necessity, this conceptualization for interlocking defense Would not relieve the development team of the need to maintain best practices for secure software development and software development in general.