Security bug
A security bug is a software bug that can be exploited to benefit someone other than the intended beneficiaries, in ways the software's designers did not intend. Security bugs introduce security vulnerabilities by compromising one or more of:
- Authentication of users and other entities
- Authorization of access rights and privileges
- Data confidentiality
- Data integrity

Security bugs need not be identified, surfaced, nor exploited to qualify as such. Some exploited ones, particularly those spread by computer viruses, have been known to wreak global damage at massive cost.
Causes
Security bugs, like all other software bugs, stem from root causes that can generally be traced to either absent or inadequate:
- Software developer training
- Use case analysis
- Software engineering methodology
- Quality assurance testing
- ...and other best practices
Taxonomy
Security bugs generally fall into a fairly small number of broad categories that include:
- Memory safety (e.g. buffer overflow and dangling pointer bugs)
- Race condition
- Secure input and output handling
- Faulty use of an API
- Improper use case handling
- Improper exception handling
- Preprocessing input strings after they have been checked for acceptability (so that the form that was validated is not the form that is actually used)
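The two memory-safety bugs named above, a buffer overflow and a dangling pointer, are easiest to see next to their hardened forms. The following C program is an added illustration and is not code from the original article; the `struct session` record, its `NAME_LEN` size and the function names are constructed for the example. The unsafe variants are kept only to show the defect and are never called.

```c
#include <stdlib.h>
#include <string.h>

#define NAME_LEN 16

/* Constructed example record: a fixed-size name buffer immediately followed by
 * a privilege flag. A field layout like this is exactly what an overflow
 * of `name` can clobber. */
struct session {
    char name[NAME_LEN];
    int  is_admin;
};

/* Buffer overflow (vulnerable form): strcpy stops only at the NUL terminator,
 * so any input of NAME_LEN or more bytes runs past s->name into is_admin and
 * whatever lies beyond it. Illustration only; never called in this example. */
void set_name_unsafe(struct session *s, const char *input) {
    strcpy(s->name, input);
}

/* Hardened form: measure first, reject input that does not fit (terminator
 * included), and only then copy. Rejecting beats silent truncation, which can
 * turn one identifier into another. Returns 0 on success, -1 on rejection. */
int set_name_safe(struct session *s, const char *input) {
    /* Look for the terminator within the buffer size only, so an unterminated
     * or over-long input is never scanned past NAME_LEN bytes. */
    const char *end = memchr(input, '\0', NAME_LEN);
    if (end == NULL)
        return -1;                       /* no NUL within NAME_LEN: too long */
    size_t n = (size_t)(end - input);    /* n <= NAME_LEN - 1, so n + 1 fits */
    memcpy(s->name, input, n + 1);       /* copy the NUL as well */
    return 0;
}

/* Allocate a session with a bounds-checked name. Returns NULL on failure. */
struct session *session_new(const char *name) {
    struct session *s = calloc(1, sizeof *s);
    if (s == NULL)
        return NULL;
    if (set_name_safe(s, name) != 0) {
        free(s);
        return NULL;
    }
    return s;
}

/* Dangling pointer (vulnerable form): the memory is freed but the caller still
 * holds a pointer to it, so any later access is a use-after-free of memory the
 * allocator may already have handed to someone else. Illustration only. */
void session_release_unsafe(struct session *s) {
    free(s);
}

/* Hardened form: take the caller's pointer by address and clear it, so a later
 * use fails as a NULL dereference (caught in testing) rather than silently
 * reading or writing recycled heap memory. */
void session_release_safe(struct session **sp) {
    if (sp == NULL || *sp == NULL)
        return;
    free(*sp);
    *sp = NULL;
}
```

Nulling the pointer only protects the one copy the caller passed in; other aliases of the same allocation remain dangling, which is why ownership of heap objects should be unambiguous in the design, not patched up at the free call.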
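The last category above (and the "secure input handling" category it belongs to) is the one most often misunderstood, so the following C program shows it concretely: a path is checked for `..` and then percent-decoded, so `%2e%2e/` passes the check and becomes `../` afterwards. This is an added example, not code from the original article; the decoder, the `..` policy check and the two `open_path_*` functions are constructed for the illustration, and no file is actually opened.

```c
#include <stddef.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode %XX escapes from `in` into `out` (capacity outsz, NUL-terminated).
 * Returns 0 on success, -1 on a malformed escape or if the result would not fit. */
int percent_decode(const char *in, char *out, size_t outsz) {
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        if (o + 1 >= outsz)
            return -1;                      /* keep room for the terminator */
        if (in[i] == '%') {
            int hi = hexval((unsigned char)in[i + 1]);
            /* Only read in[i+2] when in[i+1] was a real digit, so a trailing
             * "%" or "%X" never reads past the terminator. */
            int lo = (hi < 0) ? -1 : hexval((unsigned char)in[i + 2]);
            if (hi < 0 || lo < 0)
                return -1;
            out[o++] = (char)(hi * 16 + lo);
            i += 2;
        } else {
            out[o++] = in[i];
        }
    }
    out[o] = '\0';
    return 0;
}

/* Policy check: reject any path that contains "..". Returns 1 if acceptable. */
int path_is_acceptable(const char *path) {
    return strstr(path, "..") == NULL;
}

/* Vulnerable order: validate the raw input, then decode it. The check sees
 * "%2e%2e/etc/passwd", which contains no "..", and the decode then produces
 * "../etc/passwd" in `resolved`. Returns 0 if the path is accepted, -1 if not. */
int open_path_vulnerable(const char *raw, char *resolved, size_t sz) {
    if (!path_is_acceptable(raw))
        return -1;
    if (percent_decode(raw, resolved, sz) != 0)
        return -1;
    return 0;   /* caller would now open `resolved`, which may be "../..." */
}

/* Fixed order: decode first, then validate the exact string that will be used.
 * Every transformation (decoding, case folding, path normalisation) must happen
 * before the check, or the check must be repeated on the final form. */
int open_path_fixed(const char *raw, char *resolved, size_t sz) {
    if (percent_decode(raw, resolved, sz) != 0)
        return -1;
    if (!path_is_acceptable(resolved))
        return -1;
    return 0;
}
```

The same pattern recurs wherever a validated string is later decoded, unescaped, normalised or re-encoded before use: validate the final, canonical form, not an earlier representation of it.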
See also
- Computer security
- Hacking: The Art of Exploitation, Second Edition
- IT risk
- Threat (computer)
- Vulnerability (computing)