Security procedures for program libraries

As computer programming has become more complex, management has become more concerned about its own ability to exercise appropriate control over the programmer.This paper describes an implementation of procedures, libraries, and separation of duties to improve security in programming. This implementation helps to limit scope, reveal programmer intent and fix accountability. It assumes and supports such improved programming technologies as top-down design, structured programming, psuedo-code documentation, use of librarians, inspections, and “walk-throughs”.While the implementation described here will contribute to security, it is not sufficient. Management will wish to consider the application of many other measures.