• Images
• Videos
• Documents
• Books
• Articles

Causes

Main article: Vulnerability (computing)

Security bugs, like all other software bugs, stem from root causes that can generally be traced to either absent or inadequate:³

• Software developer training
• Use case analysis
• Software engineering methodology
• Quality assurance testing
• and other best practices

Taxonomy

Security bugs generally fall into a fairly small number of broad categories that include:⁴

• Memory safety (e.g. buffer overflow and dangling pointer bugs)
• Race condition
• Secure input and output handling
• Faulty use of an API
• Improper use case handling
• Improper exception handling
• Resource leaks, often but not always due to improper exception handling
• Preprocessing input strings before they are checked for being acceptable

Mitigation

See software security assurance.

See also

• Computer security
• Hacking: The Art of Exploitation
• IT risk
• Threat (computer)
• Vulnerability (computing)
• Hardware bug
• Secure coding

Further reading

• Open Web Application Security Project (21 August 2015). "2013 Top 10 List".
• "CWE/SANS TOP 25 Most Dangerous Software Errors". SANS. Retrieved 13 July 2012.

References

1. "CWE/SANS TOP 25 Most Dangerous Software Errors". SANS. Retrieved 13 July 2012. http://cwe.mitre.org/top25/index.html#CWE-306 ↩

2. "CWE/SANS TOP 25 Most Dangerous Software Errors". SANS. Retrieved 13 July 2012. http://cwe.mitre.org/top25/index.html#CWE-306 ↩

3. "Software Quality and Software Security". 2008-11-02. Retrieved 2017-04-28. http://swreflections.blogspot.com/2008/11/software-quality-and-software-security.html ↩

4. Alhazmi, Omar H.; Woo, Sung-Whan; Malaiya, Yashwant K. (Jan 2006). "Security vulnerability categories in major software systems". Proceedings of the Third IASTED International Conference on Communication, Network, and Information Security. https://www.researchgate.net/publication/220885085 ↩