Software errors pose a constant threat to information systems, causing untold losses in productivity and sometimes endangering people who use or depend on systems. Growing complexity and size of software programs, coupled with demands for rapid delivery to markets, have contributed to an increase in software flaws or vulnerabilities. For example, in February 2017 Cloudflare, a service provider that helps optimize website performance and security, reported that it had just fixed a software defect that had leaked sensitive data for months. The data included user passwords, cookies, and other authentication data. Although the amount of data leaked appeared to be small, the bug could have affected any of Cloudflare’s 5.5 million customers (McMillan, 2017).
A major problem with software is the presence of hidden bugs or program code defects. Studies have shown that it is virtually impossible to eliminate all bugs from large programs. The main source of bugs is the complexity of decision-making code. A relatively small program of several hundred lines will contain tens of decisions leading to hundreds or even thousands of paths. Important programs within most corporations are usually much larger, containing tens of thousands or even millions of lines of code, each with many times the choices and paths of the smaller programs.
Zero defects cannot be achieved in larger programs. Complete testing simply is not possible. Fully testing programs that contain thousands of choices and millions of paths would require thousands of years. Even with rigorous testing, you would not know for sure that a piece of software was dependable until the product proved itself after much operational use.
Flaws in commercial software not only impede performance but also create security vulnerabilities that open networks to intruders. Each year security firms identify thousands of software vulnerabilities in Internet and PC software. An example is the Heartbleed bug, which is a flaw in OpenSSL, an open-source encryption technology that an estimated two-thirds of web servers use. Hackers could exploit the bug to access visitors’ personal data as well as a site’s encryption keys, which can be used to collect even more protected data.
Especially troublesome are zero-day vulnerabilities, which are holes in the software unknown to its creator. Hackers then exploit this security hole before the vendor becomes aware of the problem and hurries to fix it. This type of vulnerability is called zero-day because the author of the software has zero days after learning about it to patch the code before it can be exploited in an attack. Sometimes security researchers spot the software holes, but more often, they remain undetected until an attack has occurred.
To correct software flaws once they are identified, the software vendor creates small pieces of software called patches to repair the flaws without disturbing the proper operation of the software. It is up to users of the software to track these vulnerabilities, test, and apply all patches. This process is called patch management.
Because a company’s IT infrastructure is typically laden with multiple business applications, operating system installations, and other system services, maintaining patches on all devices and services a company uses is often time-consuming and costly. Malware is being created so rapidly that companies have very little time to respond between the time a vulnerability and a patch are announced and the time malicious software appears to exploit the vulnerability.
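The tracking step of patch management described above can be shown as a small report. This is an added example, not taken from the source text; the hosts, packages, version numbers and advisory dates are constructed sample data. It lists every installation still below the fixed version and how long a patch has been available for it.

```python
from datetime import date

# Constructed sample data: hypothetical hosts, packages, versions and advisories.
INVENTORY = [
    ("web01", "tls-lib", "1.0.9"),
    ("web02", "tls-lib", "1.0.10"),
    ("db01", "db-engine", "5.7.2"),
    ("app01", "report-tool", "2.1"),
]
ADVISORIES = [
    # package, first fixed version, date the patch was announced
    ("tls-lib", "1.0.10", date(2024, 4, 7)),
    ("db-engine", "5.7.4", date(2024, 5, 20)),
]

def parse_version(text):
    """Turn '1.0.10' into (1, 0, 10) so comparison is numeric, not alphabetical."""
    return tuple(int(part) for part in text.split("."))

def patch_gaps(inventory, advisories, today):
    """Return installs still below the fixed version, longest exposure first."""
    fixes = {}
    for package, fixed, announced in advisories:
        fixes.setdefault(package, []).append((parse_version(fixed), fixed, announced))
    gaps = []
    for host, package, installed in inventory:
        for fixed_key, fixed, announced in fixes.get(package, []):
            if parse_version(installed) < fixed_key:
                gaps.append({
                    "host": host, "package": package,
                    "installed": installed, "fixed_in": fixed,
                    "days_exposed": (today - announced).days,
                })
    return sorted(gaps, key=lambda g: g["days_exposed"], reverse=True)

if __name__ == "__main__":
    for gap in patch_gaps(INVENTORY, ADVISORIES, date(2024, 6, 1)):
        print("{host}: {package} {installed} < {fixed_in}, "
              "patch available for {days_exposed} days".format(**gap))
```

Comparing versions as numbers matters here: as plain strings, "1.0.9" sorts after "1.0.10" and web01 would be reported as patched.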
Newly Discovered Vulnerabilities in Microprocessor Design
The Interactive Session on Technology describes newly discovered vulnerabilities stemming from flaws in the design of computer microprocessor chips, which enable hackers using malicious software programs to gain access to data that were thought to be completely protected. These vulnerabilities affect nearly every computer chip manufactured in the last 20 years.
Source: Laudon Kenneth C., Laudon Jane Price (2020), Management Information Systems: Managing the Digital Firm, Pearson; 16th edition.