Security bug

From Wikipedia, the free encyclopedia

This article does not cite any references or sources. (February 2008)
Please help improve this article by adding citations to reliable sources. Unverifiable material may be challenged and removed.

Software Testing Portal

A security bug is a software bug that benefits someone other than intended beneficiaries in the intended ways.

Security bugs introduce security vulnerabilities by compromising one or more of:

Authentication of users and other entities
Authorization of access rights and privileges
Data confidentiality
Data integrity

Security bugs need not be identified, surfaced nor exploited to qualify as such. Some exploited ones, particularly viruses, have been known to wreak global damage at massive cost.

[edit] Causes

Security bugs, like all other software bugs, stem from root causes that can generally be traced to either absent or inadequate:

[edit] Taxonomy

Security bugs generally fall into a fairly small number of broad categories that include:

Memory safety (e.g. buffer overflow and dangling pointer bugs)
Race condition
Secure input and output handling
Faulty use of an API
Improper use case handling
Improper exception handling

[edit] Mitigation

See Software Security Assurance.

Categories: Programming bugs | Software testing

Hidden categories: Articles lacking sources from February 2008 | All articles lacking sources

Views

Interaction

Search

Powered by MediaWiki

Wikimedia Foundation

This page was last modified 16:30, 27 February 2008 by Wikipedia user Terraxos. Based on work by Wikipedia user(s) Pinecar, Josephgrossberg, Jruderman, Mysdaao, Alaibot and LarryHughes and Anonymous user(s) of Wikipedia.
All text is available under the terms of the GNU Free Documentation License. (See Copyrights for details.)
Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a U.S. registered 501(c)(3) tax-deductible nonprofit charity.
About Wikipedia
Disclaimers