A software vulnerability is commonly called a "bug": a flaw in software which may allow a third party or program to gain unauthorized access to some resource. Controlling software vulnerabilities is one of the most important parts of computer and network security, for the following reasons.
- Virus programs use vulnerabilities in operating system and application software to gain unauthorized access, spread, and do damage.
- Intruders use vulnerabilities in operating system and application software to gain unauthorized access, attack other systems, and do damage.
- Some software itself may be hostile.
If software vulnerabilities did not exist, I believe that viruses would not exist and gaining any unauthorized access to resources would be very difficult indeed.
A vulnerability may be due to weak security rules, or it may be a problem within the software itself. In theory, all computer systems have vulnerabilities; whether or not they are serious depends on whether or not they are used to cause damage to the system.
A software vulnerability is a state in a computing system (or set of systems) which either:
- allows an attacker to execute commands as another user
- allows an attacker to access data that is contrary to the specified access restrictions for that data
- allows an attacker to pose as another entity
- allows an attacker to conduct a denial of service
When an attack is made possible by a weak or inappropriate security policy, this is better described as 'exposure':
An exposure is a state in a computing system (or set of systems) which is not a universal vulnerability, but either:
- allows an attacker to conduct information gathering activities
- allows an attacker to hide activities
- includes a capability that behaves as expected, but can be easily compromised
- is a primary point of entry that an attacker may attempt to use to gain access to the system or data
- is considered a problem according to some reasonable security policy
When trying to gain unauthorized access to a system, an intruder usually first conducts a routine scan (or investigation) of the target, collects any 'exposed' data, and then exploits security policy weaknesses or vulnerabilities. Vulnerabilities and exposures are therefore both important points to check when securing a system against unauthorized access.
Only approved software should be operated on the organization's network, so that hostile programs cannot gain access to it. A hostile program may be written with some useful functionality but also perform a hidden task of which the user is not aware; this type of hostile program is normally called a "Trojan Horse". Ways to help determine whether a program is hostile include:
- Does the program come from a reliable source?
- Is there proof that the program came from that source, such as a digital signature?
- If the source code for the program is available, the code can be checked to be sure there is no hostile content.
- A reliable third party may be able to examine the software and certify that it is safe.
- Does the creator of the program attempt to hide their identity? If so, there may be reason for suspicion. If the program's creator does not hide their identity and can be reached, it is less likely that the program is hostile.
- Has this program been run by other people or organizations for some period of time with no adverse consequences?
Computer security is not an exact science; it is a matter of reducing the chance of an intrusion. Probably the best method of being sure of the reliability of a program is to allow a reliable third party to check the program. I believe it is likely that these services may become more popular in the future. Program writers may even send source code to these service providers for certification, with the source code covered by a nondisclosure agreement.