Security bug

This article does not cite any sources. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Security bug" – news · newspapers · books · scholar · JSTOR (February 2008) (Learn how and when to remove this message)

A security bug or security defect is a software bug that benefits someone other than intended beneficiaries in the intended ways. A security bug is something made by hackers that can help them either know you, hack into your account and change your password or stuff like that, or even make them hack into your email and send emails, which is kinda scary.

Security bugs introduce security vulnerabilities by compromising one or more of:

• Authentication of users and other entities ^[1]
• Authorization of access rights and privileges ^[2]
• Data confidentiality
• Data integrity

Security bugs need not be identified, surfaced nor exploited to qualify as such.

Security bugs, like all other software bugs, stem from root causes that can generally be traced to either absent or inadequate:

• Software developer training
• Use case analysis
• Software engineering methodology
• Quality assurance testing
• ...and other best practices

Security bugs generally fall into a fairly small number of broad categories that include:

• Memory safety (e.g. buffer overflow and dangling pointer bugs)
• Race condition
• Secure input and output handling
• Faulty use of an API
• Improper use case handling
• Improper exception handling
• Resource leaks, often but not always due to improper exception handling
• Preprocessing input strings after they are checked for being acceptable.

See Software Security Assurance.

• Computer security
• Hacking: The Art of Exploitation Second Edition
• IT risk
• Threat (computer)
• Vulnerability (computing)