Security, Software, and Ethics

Introduction

Every day, we use computer software to perform everyday tasks. These range from sending e-mail and balancing a checkbook to web browsing, shopping and much more. Most people don't stop to think about the security of the software that we use on a daily basis. Users are more concerned about getting their work done, and security is little more than an afterthought.

Security is a very important and often overlooked aspect of software development. Security is used to authenticate users, manage access to resources, and to ensure that data hasn't been compromised.

Recent events such as the Sasser, SQL Server, Blaster and Nimda worms have been devastating throughout the world. They've cost companies and everyday people billions of dollars' worth of wasted time, money and productivity. In some cases, data gets corrupted, modified or deleted. Businesses are unable to function normally, which can result in heavy financial losses.

Some of these worms are still taking over computers to this day, long after patches have been readily available to fix the problem. Security professionals have been telling computer users to patch their systems and keep them up to date, but their warnings aren't being heeded. Why is this scenario constantly being repeated? Who's responsible for ensuring that software we use is secure?

I feel that software companies and software engineers are ethically responsible for making sure that their software is secure. We're becoming more dependent on computer software, which makes us more vulnerable to virus attacks from a security bug in a widely used piece of software. They must be able to ensure that our software is more secu...

... middle of paper ...

...3] Peter Mell and Miles C. Tracy, "Procedures for Handling Security Patches", National Institute of Standards and Technology, August 2002

http://www.csrc.nist.gov/publications/nistpubs/800-40/sp800-40.pdf

Suggested resources

SANS Institute - Computer security web site, with information about computer security training

http://www.sans.org

SANS Institute Reading Room - Articles on a variety of security topics

http://www.sans.org/rr

Security Focus - Web site with news and analysis of security issues

http://www.securityfocus.com

The Register - Web site with IT-related news

http://www.theregister.co.uk

Software Engineering Institute, Carnegie Mellon University

http://www.sei.cmu.edu/

National Institute for Science and Technology

http://www.nist.gov

The CERT® Coordination Center - A reporting center for Internet security

http://www.cert.org
