Security bug

A security bug is a software bug that benefits someone other than the intended beneficiaries in the intended ways.

Security bugs introduce security vulnerabilities by compromising one or more of:
* Authentication of users and other entities
* Authorization of access rights and privileges
* Data confidentiality
* Data integrity

Security bugs need not be identified, surfaced, or exploited to qualify as such. Some exploited ones, particularly viruses, have been known to wreak global damage at massive cost.

Causes

Security bugs, like all other software bugs, stem from root causes that can generally be traced to either absent or inadequate:
* Software developer training
* Use case analysis
* Software engineering methodology
* Quality assurance testing
* ...and other best practices

Taxonomy

Security bugs generally fall into a fairly small number of broad categories that include:
* Memory safety (e.g. buffer overflow and dangling pointer bugs)
* Race condition
* Secure input and output handling
* Faulty use of an API
* Improper use case handling
* Improper exception handling

Mitigation

See Software Security Assurance.


Wikimedia Foundation. 2010.
