Gold mining companies are an investment method for gold. These do not represent gold at all, but rather are shares in gold mining companies. If the gold price rises, the profits of the gold mining company to rise and the share price may rise. However, there are many factors to take into account and share price may not rise when the gold price increases. Mines are commercial enterprises and subject to problems such as flooding, subsidence and structural failure, as well as mismanagement, theft and corruption. If serious, such factors can lower the share prices of gold mines. Unlike gold bullion, which is regarded as a safe haven asset, unhedged gold shares or funds are regarded as high risk and extremely volatile. This volatility is due to the inherent advantage in the mining sector. For example, if you own a share in a gold mine where the costs of production are $300 per ounce and the price of gold is $600, the mine's profit margin will be $300. A 10% increase in the gold price to $660 per ounce will push that margin up to $360, which actually represents a 20% increase in the mine's profitability, and potentially a 20% increase in the share price. Conversely, a 10% fall in the gold price to $540 will decrease that margin to $240, which actually represents a 20% fall in the mine's profitability, and potentially a 20% decrease in the share price. The amplification of gold mining profits during periods of rising prices can cause a gold rush in mining exploration. To reduce this volatility, some gold mining companies hedge the gold price up to 18 months in advance. This provides the mining company and investor with less exposure to short-term gold price fluctuations, but reduces potential returns when the gold price is rising.

Secure by Design

Secure by design, in software engineering, means that the software has been designed from the ground up to be secure. Malicious practices are taken for granted and care is taken to minimize impact when a security vulnerability is discovered or on invalid user input.

Generally, designs that work well do not rely on being secret. It is not mandatory, but proper security usually means that everyone is allowed to know and understand the design because it is secure. This has the advantage that many people are looking at the code, and this improves the odds that any flaws will be found sooner. Of course, attackers can also obtain the code, which makes it easier for them to find vulnerabilities as well.

Also, it is very important that everything works with the least amount of privileges possible (principle of least privilege). For example a Web server that runs as the administrative user (root or admin) can have the privilege to remove files and users that do not belong to it. Thus, a flaw in that program could put the entire system at risk. On the other hand, a Web server that runs inside an isolated environment and only has the privileges for required network and file system functions, cannot compromise the system it runs on unless the security around it is in itself also flawed.

Often the easiest way to break the security of a client/server system is not to go head on to the security mechanisms but instead to go around them. A man in the middle attack is a simple example of this, because you can use it to collect details to impersonate a user. Which is why it is important to consider encryption, hashing, and other security mechanisms in your design to ensure that information collected from a potential attacker won't allow access.

Another key feature to client-server security design is general good-coding practices. For example, following a known software design structure such as client and broker can help in designing a well built structure with a solid foundation. Furthermore that if the software is modified in the future it is even more important that it follows a logical foundation of separation between the client and server. This is because if a programmer comes in and cannot clearly understand the dynamics of the program they may end up adding or changing something that can add a security flaw. Even with the best design this is always a possibility, but the better standardized the design the less chance there is of this occurring.