Security bug

From Wikipedia, the free encyclopedia

A security bug or security defect is a software bug that can be exploited to gain unauthorized access or privileges on a computer system. Security bugs introduce security vulnerabilities by compromising one or more of:

Security bugs do not need be identified nor exploited to be qualified as such and are assumed to be much more common than known vulnerabilities in almost any system.

Causes[edit]

Security bugs, like all other software bugs, stem from root causes that can generally be traced to either absent or inadequate:[2]

Taxonomy[edit]

Security bugs generally fall into a fairly small number of broad categories that include:[3]

Mitigation[edit]

See software security assurance.

See also[edit]

References[edit]

  1. ^ a b "CWE/SANS TOP 25 Most Dangerous Software Errors". SANS. Retrieved 13 July 2012.
  2. ^ "Software Quality and Software Security". 2008-11-02. Retrieved 2017-04-28.
  3. ^ Alhazmi, Omar H.; Woo, Sung-Whan; Malaiya, Yashwant K. (Jan 2006). "Security vulnerability categories in major software systems". Proceedings of the Third IASTED International Conference on Communication, Network, and Information Security.

Further reading[edit]