Jump to content

Security bug

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by LittleBenW (talk | contribs) at 13:02, 5 January 2013. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)

This article does not cite any sources. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed.
Find sources: "Security bug" – news · newspapers · books · scholar · JSTOR (February 2008) (Learn how and when to remove this message)

A security bug or security defect is a software bug that benefits someone other than intended beneficiaries in the intended ways.

Security bugs introduce security vulnerabilities by compromising one or more of:

Authentication of users and other entities ^[1]
Authorization of access rights and privileges ^[2]
Data confidentiality
Data integrity

Security bugs need not be identified, surfaced nor exploited to qualify as such.

Causes

Security bugs, like all other software bugs, stem from root causes that can generally be traced to either absent or inadequate:

Taxonomy

Security bugs generally fall into a fairly small number of broad categories that include:

Memory safety (e.g. buffer overflow and dangling pointer bugs)
Race condition
Secure input and output handling
Faulty use of an API
Improper use case handling
Improper exception handling
Preprocessing input strings after they are checked for being acceptable.

Mitigation

See Software Security Assurance.

See also

References

^ "CWE/SANS TOP 25 Most Dangerous Software Errors". SANS. Retrieved 13 July 2012.
^ "CWE/SANS TOP 25 Most Dangerous Software Errors". SANS. Retrieved 13 July 2012.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Security_bug&oldid=531442850"

Hidden categories: