Supriya Ghosh (Editor)

Security bug


A security bug or security defect is a software bug that can be exploited to gain unauthorized access or privileges on a computer system. Security bugs introduce security vulnerabilities by compromising one or more of:

  • Authentication of users and other entities
  • Authorization of access rights and privileges
  • Data confidentiality
  • Data integrity

Security bugs need not be identified nor exploited to qualify as such.

Causes

Security bugs, like all other software bugs, stem from root causes that can generally be traced to either absent or inadequate:

  • Software developer training
  • Use case analysis
  • Software engineering methodology
  • Quality assurance testing
  • ...and other best practices

Taxonomy

Security bugs generally fall into a fairly small number of broad categories that include:

  • Memory safety (e.g. buffer overflow and dangling pointer bugs)
  • Race condition
  • Secure input and output handling
  • Faulty use of an API
  • Improper use case handling
  • Improper exception handling
  • Resource leaks, often but not always due to improper exception handling
  • Preprocessing input strings after they are checked for being acceptable

Mitigation

See software security assurance.
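The last category above (validating an input string and then transforming it) is easy to miss in review because each step looks correct on its own. The following is an added example, not code from the article: a constructed file-path check that runs before percent-decoding, beside the corrected ordering that decodes first and validates the value actually used. The `/srv/files/` base directory and the function names are assumptions for illustration.

```python
import urllib.parse
from typing import Optional

# Constructed base directory for the example; not from the article.
BASE_DIR = "/srv/files/"


def is_safe_relative_path(path: str) -> bool:
    """Reject absolute paths and any '..' or empty path component."""
    if path.startswith("/"):
        return False
    return all(part not in ("..", "") for part in path.split("/"))


def resolve_vulnerable(raw: str) -> Optional[str]:
    """Bug: the check runs on the encoded string, then the string is
    decoded. '%2e%2e' contains no '..' at check time but becomes '..'
    after decoding, so the check and the later use disagree."""
    if not is_safe_relative_path(raw):
        return None
    decoded = urllib.parse.unquote(raw)  # preprocessing AFTER the check
    return BASE_DIR + decoded


def resolve_fixed(raw: str) -> Optional[str]:
    """Fix: fully decode first, then validate the decoded value that will
    actually be used. Decoding repeats until the string is stable so a
    double-encoded input cannot hide a second layer."""
    decoded = urllib.parse.unquote(raw)
    while True:
        again = urllib.parse.unquote(decoded)
        if again == decoded:
            break
        decoded = again
    if not is_safe_relative_path(decoded):
        return None
    return BASE_DIR + decoded


if __name__ == "__main__":
    sample = "%2e%2e/secret.txt"  # constructed input
    print("vulnerable:", resolve_vulnerable(sample))  # escapes BASE_DIR
    print("fixed:     ", resolve_fixed(sample))       # None (rejected)
```

The same ordering rule applies to any transformation done after a check, such as case folding, Unicode normalisation or path canonicalisation: validate the final form, not an intermediate one.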
