Article

Matt Davis
Matt Davis 28 February 2018
Categories Technology

Why Does Software Cause Security Vulnerabilities?

It seems as though massive malware infections and breaches are reported every day. They’re often blamed on software vulnerabilities, but why is software vulnerable.

Unless you are an astronaut or a fighter pilot, almost all the software you use has security vulnerabilities. When your phone, television, or content management system demands to be updated, it is a safe bet that the new version fixes some of the vulnerabilities in the old version. But why are their vulnerabilities in the first place?

Complexity, developer error, and budgets all have a role to play.

Vulnerabilities are caused by bugs, mistakes in the way the software is written or in the way it interacts with other software and hardware. It is possible to write code that has no bugs, but bug-free software is either very simple or very expensive.

Simple programs can be verified by a human. As software becomes complex enough to be useful, it is impossible for a single person to understand all the ways it might behave.

Lines of code isn’t a good measure of complexity, but it provides some idea of the scope of software. The average WordPress theme has over 36,000 lines of code. WordPress itself comprises about 400,000 lines. The Apache web server has just under 2 million lines of code. The Zend PHP framework clocks in at 3.2 million lines. The Linux Kernel has an astonishing 19 million lines of code. Microsoft Windows is somewhere north of 50 million lines. As a comparison, there are 157,760 lines in all of Shakespeare’s plays.

Software is ferociously complicated; the most complicated artifact ever created by humans according to some. It is beyond the capabilities of even the smartest developer to understand every line, function, variable, module, and the combinatorial complexity of their interactions.

And, of course, sometimes developers just make dumb mistakes. They’re rushed, they don’t think carefully about the code they’re writing or take the time to understand a library they’re using.

To develop software that is both complex and free of bugs, developers would have to spend a lot of time planning, testing, retesting, rewriting, and testing some more — and that’s what makes it expensive.

If you have NASA’s budgets and the software runs the navigation system of a space shuttle, you have the money and the motivation to make sure that there are no bugs — and even then it’s impossible to be 100 percent certain.

No one wants to pay $3000 for a weather app or web server. Nor do we want to wait five years for new features in our favorite Twitter client. So we accept that software has bugs.

To be sure, developers test software extensively. They run automated tests that catch bugs, they have long beta testing periods during which the software is used and monitored for problems. Responsible developers invest great effort to devise and implement processes that reduce the number of bugs. Irresponsible developers don’t bother. Regardless, bugs get through, and some cause serious security problems.

When security vulnerabilities are discovered, developers create patches to fix them. That’s why applications and operating systems demand to be updated so frequently.

Once it is understood that there’s a price to be paid for rapid innovation, software users have to play their part in reducing the risk that vulnerabilities can be exploited by criminals, and that means installing updates.

Please login or register to add a comment.

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
Marketing Emails vs Newsletters: What’s the Difference?

Marketing Emails vs Newsletters: What’s the Difference?

If anyone can clarify the difference between marketing emails and newsletters, it’s Alexander Melone, co-founder of San Francisco-based email marketing agency CodeCrew. But, as we’re about to find out, the distinction...

Alex Melone
Alex Melone 14 November 2023
Read more
10 Factors that Influence Customer Buying Behaviour Online

10 Factors that Influence Customer Buying Behaviour Online

Now is an era where customers take the center stags influencing business strategies across industries. No business can afford to overlook factors that could either break the customer experience or even pose a risk of...

Edward Roesch
Edward Roesch 4 June 2018
Read more
How to Review a Website — A Guide for Beginners

How to Review a Website — A Guide for Beginners

Whether you're a startup or an established business, the company website is an essential element of your digital marketing strategy. The most effective sites are continually nurtured and developed in line with...

Digital Doughnut Contributor
Digital Doughnut Contributor 7 January 2020
Read more
Customer-Centric Marketing: The Heartbeat of Modern UK Retail

Customer-Centric Marketing: The Heartbeat of Modern UK Retail

The UK retail scene, with its diverse offerings from luxe brands to quaint local stores, is witnessing a paradigm shift: The rise of customer-centric marketing. This isn’t just about selling; it’s about understanding,...

Andrew Addison
Andrew Addison 21 November 2023
Read more
Best Practices for Effective Dashboard Design

Best Practices for Effective Dashboard Design

In the age of data-driven operations, dashboards have emerged as an essential tool for businesses. They serve as a gateway to data, enabling users to monitor, analyze, and visually represent vital performance...

Ravi Shukla
Ravi Shukla 17 November 2023
Read more