Software Vulnerability

Software errors pose a constant threat to information systems, causing untold losses in productivity and sometimes endangering people who use or depend on systems. Growing complexity and size of software programs, coupled with demands for rapid delivery to markets, have contributed to an increase in software flaws or vulnerabilities. For example, in February 2017 Cloudflare, a service provider that helps optimize website performance and security, reported that it had just fixed a software defect that had leaked sensitive data for months. The data included user passwords, cookies, and other authentication data. Although the amount of data leaked appeared to be small, the bug could have affected any of Cloudflare’s 5.5 million customers (McMillan, 2017).

A major problem with software is the presence of hidden bugs or program code defects. Studies have shown that it is virtually impossible to eliminate all bugs from large programs. The main source of bugs is the complexity of decision-making code. A relatively small program of several hundred lines will contain tens of decisions leading to hundreds or even thousands of paths. Important programs within most corporations are usually much larger, containing tens of thousands or even millions of lines of code, each with many times the choices and paths of the smaller programs.

Zero defects cannot be achieved in larger programs. Complete testing simply is not possible. Fully testing programs that contain thousands of choices and millions of paths would require thousands of years. Even with rigorous testing, you would not know for sure that a piece of software was dependable until the product proved itself after much operational use.

Flaws in commercial software not only impede performance but also create security vulnerabilities that open networks to intruders. Each year security firms identify thousands of software vulnerabilities in Internet and PC software. An example is the Heartbleed bug, which is a flaw in OpenSSL, an open-source encryption technology that an estimated two-thirds of web servers use. Hackers could exploit the bug to access visitors’ personal data as well as a site’s encryption keys, which can be used to collect even more protected data.

Especially troublesome are zero-day vulnerabilities, which are holes in the software unknown to its creator. Hackers then exploit this security hole before the vendor becomes aware of the problem and hurries to fix it. This type of vulnerability is called zero-day because the author of the software has zero days after learning about it to patch the code before it can be exploited in an attack. Sometimes security researchers spot the software holes, but more often, they remain undetected until an attack has occurred.

To correct software flaws once they are identified, the software vendor creates small pieces of software called patches to repair the flaws without disturbing the proper operation of the software. It is up to users of the software to track these vulnerabilities, test, and apply all patches. This process is called patch management.

Because a company’s IT infrastructure is typically laden with multiple business applications, operating system installations, and other system services, maintaining patches on all devices and services a company uses is often time-consuming and costly. Malware is being created so rapidly that companies have very little time to respond between the time a vulnerability and a patch are announced and the time malicious software appears to exploit the vulnerability.

Newly Discovered Vulnerabilities in Microprocessor Design

The Interactive Session on Technology describes newly discovered vulnerabilities stemming from flaws in the design of computer microprocessor chips, which enable hackers using malicious software programs to gain access to data that were thought to be completely protected. These vulnerabilities affect nearly every computer chip manufactured in the last 20 years.

Source: Laudon Kenneth C., Laudon Jane Price (2020), Management Information Systems: Managing the Digital Firm, Pearson; 16th edition.
