Corporations do not have the resources to analyze every application deployed for flaws nor can they keep up with the possible injection of new flaws brought on by patching. Hackers, on the other hand, consider this fuel for the fire. The Threat Multiplies Exponentially

In 1965, Gordon Moore stated “The number of transistors on a chip doubles about every two years.”5 It is arguable that “Moore’s Law” is equally applicable to application complexity.

Advancements in technology and their rapid deployment to the laps and desks of every person on the planet have created fertile ground in which attackers can plant the seeds of discontent without any fear of being caught red handed. The mathematics of chaos, compounded with the growing size of the software sets companies rely on, have made it impossible for the quality assurance departments of software development companies to reproduce the complexity of their customer’s environments. There is simply no way to recreate the intricacies present in a target install base as the permutations are endless.

In addition, regardless of high-level application development and testing procedures, there is no way to eliminate the human factor from the security equation. This is well illustrated in a release by Britain’s National Information Security Coordination Center (NISCC), “Trojan code arrives attached to e-mails or through links in e-mails, and typically requires an end user to open the attachment or click a link and download and run software, for the Trojan code to infect a PC. Most carrier e-mails utilize some form of social engineering; spoofing addresses to make the attachment or URL appear relevant.

Once installed on a user machine, Trojans may be used to obtain passwords, scan networks, exfiltrate information, and launch further attacks.The software may also replicate to other network PCs automatically.”6

Flaws in the Ointment

Adding to human chaos is the fact that: inherent in every one thousand (1000) lines of code are more than seven (7) flaws, as documented in the report from the National Cybersecurity Task Force.7

Some of the world’s leading operating systems, with over 25 million lines of code, posses over 175,000 potential flaws.

Assuming only 10% of these flaws are a high security risk, it is unreasonable to assume that any SQA (software quality assurance) team could rid any release of all potential issues. Asking software companies to rectify every flaw would require years of effort between releases and drive the cost of software beyond reason.

Sum of All Evils

The resulting landscape looks daunting but perhaps all that is needed is a new view, a different approach. The best foundation for an innovative solution is to accept the following facts:

Fact: Humans cannot be taken out of the security equation. They will make mistakes that create openings and they can be socially engineered.

Page 3 of 4 :: First | Last :: Prev | 1 2 3 4 | Next