An open security environment is an environment that includes those systems in which one of the following conditions holds true:
- a. Application developers (including maintainers) do not have sufficient clearance or authorization to provide an acceptable presumption that they have not introduced malicious logic.
- b. Configuration control does not provide sufficient assurance that applications are protected against the introduction of malicious logic prior to and during the operation of system applications.
- Turquiose Book: A Guide to Understanding Information System Security Officer Responsibilities for Automated Information Systems (NCSC-TG-004-88 Oct. 16, 2002) (full-text).