Logging is a critical yet often neglected aspect of software development, frequently implemented without adequate consideration for security, privacy, or compliance. This oversight can lead to vulnerabilities, hinder forensic investigations, and undermine regulatory obligations. This paper examines persistent deficiencies in logging practices using empirical data from a targeted developer survey, alongside analysis of OWASP Top 10 vulnerabilities and Common Weakness Enumeration (CWE) classifications. The findings reveal recurring issues, including the inadvertent exposure of sensitive data, failure to record security-critical events, and inconsistent or undocumented logging standards. Despite the central role of logs in debugging, monitoring, and incident response, many developers lack formal training and operate without clear guidelines, resulting in fragmented and insecure implementations. These insights highlight the need to treat logging as a core component of secure software development.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A Structured Approach to Log Design: Addressing Security and Compliance Gaps in Software Development

  • Veronica Schmitt,
  • Nathan Clarke,
  • Bogdan Ghita,
  • Johan Van Niekerk

摘要

Logging is a critical yet often neglected aspect of software development, frequently implemented without adequate consideration for security, privacy, or compliance. This oversight can lead to vulnerabilities, hinder forensic investigations, and undermine regulatory obligations. This paper examines persistent deficiencies in logging practices using empirical data from a targeted developer survey, alongside analysis of OWASP Top 10 vulnerabilities and Common Weakness Enumeration (CWE) classifications. The findings reveal recurring issues, including the inadvertent exposure of sensitive data, failure to record security-critical events, and inconsistent or undocumented logging standards. Despite the central role of logs in debugging, monitoring, and incident response, many developers lack formal training and operate without clear guidelines, resulting in fragmented and insecure implementations. These insights highlight the need to treat logging as a core component of secure software development.