OUSPG

[This page is CSS2 enabled. Your browser might not fully support it]

Software Considered Harmful: Why Software is Insecure

$RCSfile: index.html,v $ $Revision: 1.3 $ $Date: 2002/06/10 00:08:04 $

ABSTRACT

Software vulnerabilities prevail. A focal problem area is software implementation, which may introduce potential for unanticipated and undesired program behaviour. OUSPG has studied implementation level vulnerabilities since the year 1996, and made some rather strong claims such as: "Secure programming errors are systematic", "Many vulnerabilities could be eliminated with low cost" and "Dynamic black-box testing would be a decent first-aid." The PROTOS project researched different approaches of testing implementations of protocols using black-box (i.e. functional) testing methods. Recent findings like the SNMPv1 incident have given some ground on our claims; 80% of the products tested in the PROTOS project failed due to exploitable flaws. As formerly closed systems are used in open context, they will have vulnerabilities due to immature software culture. This is why even consumer electronics will have security problems.

[This page is CSS2 enabled. Your browser might not fully support it]