Data Protection and Security

   

VI

Operating System Security and Secure Programming

   

VI.IV

Secure Software Development

   

   
 

Penetrate and Patch Approach:

Penetrate and Patch: trying to come up with a fix for a problem that is being actively exploited by attackers. This approach has many problems:

  • Developers can only patch problems which they know about.
  • Patches often introduce new problems.
  • Patches often only fix the symptom of a problem.
  • Patches often go unapplied.

The following figure illustrates the windows of vulnerability for a security bug over time, as evidence of the ineffectiveness of patching.

Question: What is the alternative?
Answer: Analyze and design the system for security, implement it carefully, and test it extensively before release.


   

   
       
 