To increase the quality and thus the security of the design and the implementation, we are using the following principles:
Object-oriented design and implementation: The object-oriented design and implementation of components of the PERSEUS framework increases its clarity and thus makes changes and extensions more simple. Moreover, the principle of object-oriented programming reduces the probability of security-critical implementation failures, since security-critical code regions can be hidden by an evaluated class that can be reused.
Unit tests: By following the principle of unit tests, smaller code units are tested by separately implemented test cases. In the case of a bug, e.g., a new test case is added that, due to the used code manaagement system, has to be passed by every following code change. This mechanism ensures that a bug can never occur twice. To ensure that developers can easily write tests, a test framework (currently Cpp-Unit) is used.
Automatic Code Analysis: Static and semantic code analysis tools are used to find and/or prevent bugs and thus to increase the quality and the security of the implementation.
Reviews: To find bugs and design failures that cannot be detected by automatic code analysis tools, and to constantly improve the code quality, every piece of code of the PERSEUS framework is reviewed in regular intervals. Appropriate guidelines for developers and reviewers have been fixed in the PERSEUS configuration management plan.