Securing sensitive data in a program
Many applications need to handle sensitive data, either in memory or on disk. If this sensitive data is not protected properly, the result may be a loss of its secrecy or integrity. Completely securing all sensitive data is very difficult (or expensive). Users tend to reuse the same password everywhere, so even if your program is a simple game that stores the user's profile information and requires the user to enter a password, the user might choose the same password he uses for his online bank account. The user's bank account is then only as secure as your program makes it.
There are simple steps by which you can secure sensitive data in your program:
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
References
[1] John Viega, Protecting sensitive data in memory, Feb 2001
[2] US DoD Standard 5220.22-M
[3] Peter Gutmann, Secure Deletion of Data from Magnetic and Solid-State Memory, July 1996
[4] Richard Lewis, Security considerations when handling sensitive data