Sunday 17 June 2012

Code Research

By Daniel Turbin


Programmers frequently build "back doors" into the software systems they write. Much of the time, there is no nefarious intent. The back door is just a means to an end, with the end being to assist debugging, or to allow an alternate means of gaining access to information in the event of a catastrophic software crash.

In principle, most, if not all, of these back doors should be removed, or in some way closed off, when the software engineering project is finished and the code goes live. In practice, however, this is easy to overlook as deadlines draw near and in the rush towards implementation.

Sometimes, too, the "back door" is created inadvertently: a few inoffensive-looking lines of code that accidentally open up a security hole in whatever protections you have in place. Take Microsoft's Web Explorer, for example. Microsoft is a major company with worldwide name recognition, and they release security patches and updates on a regular basis as new holes are revealed in their web browser. I do not mean to single Microsoft out in this case. This phenomenon is rather common, but what makes Microsoft such an excellent example is that they are so well known.

In any case, if you're concerned that you may have some hidden points of entry into your system, whether something left over from when a bit of custom software was coded or something created accidentally in the half million lines of code your programmers cranked out for your last project, it would behoove you to have your code audited line by line to be certain that any such potential holes are sealed, providing better security for your system as a whole.

Many, though not all, independent security experts offer services such as these, and they're well worth your time, both for the peace of mind that such an audit can give and for the potential to avert catastrophe. If the audit finds something, then fixing it can save many times the cost of the audit itself, making it a no-brainer as investments go.


