A Structured Approach to Log Design: Addressing Security and Compliance Gaps in Software Development
摘要
Logging is a critical yet often neglected aspect of software development, frequently implemented without adequate consideration for security, privacy, or compliance. This oversight can lead to vulnerabilities, hinder forensic investigations, and undermine regulatory obligations. This paper examines persistent deficiencies in logging practices using empirical data from a targeted developer survey, alongside analysis of OWASP Top 10 vulnerabilities and Common Weakness Enumeration (CWE) classifications. The findings reveal recurring issues, including the inadvertent exposure of sensitive data, failure to record security-critical events, and inconsistent or undocumented logging standards. Despite the central role of logs in debugging, monitoring, and incident response, many developers lack formal training and operate without clear guidelines, resulting in fragmented and insecure implementations. These insights highlight the need to treat logging as a core component of secure software development.