Software Security

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding › peer-review

Abstract

The importance of IT security is beyond doubt. Data, computer and network security are essential for any business or organization. Software security, however, all too often remains out of focus, both from a developer's and from a user's point of view. As motivation, we first consider various current security incidents reported in the media and point out where software security played a significant role. We then present a thorough introduction to software security. We differentiate software security from IT security, network security and computer security, and also from software safety. Prominent examples of software security bugs are buffer overflows, SQL injection and cross-site scripting. We explain the basic ideas behind such vulnerabilities, give recent examples where these bugs have occurred, and describe the damage they have caused. Next, we differentiate security bugs (implementation-level defects) from security flaws (design-level defects) and again give recent examples. Mitigation is viewed from two different perspectives: the developer's point of view and the end-user's point of view. What does it take to develop secure software? For developers, we introduce the security touch points, the security development life-cycle, and issues of secure coding. For end-users, we present a recent case study that demonstrates the importance of software updates. However, technical measures alone are not sufficient to guarantee security. A real-world example will remind us that humans remain the weakest link in the security chain.
Original language: English
Title of host publication: IEEE ECBS 2013, 20th Annual IEEE International Conference and Workshops on the Engineering of Computer Based Systems (ECBS), Phoenix AZ, 22-24 April 2013.
Number of pages: 10
Publication status: Published - Apr 2013

Fields of science

  • 102 Computer Sciences
  • 102009 Computer simulation
  • 102015 Information systems
  • 102026 Virtual reality
  • 102027 Web engineering
  • 202022 Information technology
  • 502050 Business informatics

JKU Focus areas

  • Computation in Informatics and Mathematics
  • Management and Innovation
