Can the world be rid of software bugs and vulnerabilities that are open to exploitation?
Despite all the advancements in software development, Tenable Network Security Asia Pacific principal architect, Dick Bussiere, characterises bug-free software as a pipe-dream.
“It’s virtually impossible, as no technology is ever completely perfect,” he said.
What is achievable is creating higher quality software, and Bussiere said automated vulnerability assessment tools help analyse code for potential vulnerabilities.
“It is possible to create a better world with fewer bugs, but the bugs are always going to be there,” he said.
“The issues are not necessarily introduced by coding errors, but also through misinterpretation of the initial customer requirements.”
Bussiere adds that anything complex designed by humans, such as computers and networks, is subject to flaws.
Looking at the source
There are more software developers these days than ever before, with www.numberof.net putting the number at 17 million worldwide and 4.16 million in the United States alone.
While the large number of coders enables better software to be written, Bussiere said it also translates to more exploits by malicious individuals.
Bussiere references the recent Heartbleed vulnerability and how its open source roots allowed it to spread undetected.
“It was a piece of code that was written by a relatively small team and then utilised in hundreds of other products,” he said.
The vulnerability could have been discovered by looking at the open source code, but Bussiere said the cost of doing so meant it was not an option for many.
“Because of the cost and time involved, they didn’t invest the time and money in appraising the open source software and doing a vulnerability assessment of it,” he said.
There may never be a point where people will generate bug-free software, though Bussiere said some software is close to perfect.
One example of software perfection he points to is avionics systems in aircraft.
Not only does such a system cost an “inordinate amount of money” to develop, Bussiere said, it also takes many years to develop.
“There are commercial pressures to get normal software out, as by the time you finish the testing process to achieve so-called perfection, the product would be obsolete before it was released,” he said.
“So the expense and time required to develop perfect software makes it commercially unviable.”
Bussiere said the avionics industry is not under the same time pressures, so it has the leeway to ensure software is as bug-free as possible.
Patrick Budmar covers consumer and enterprise technology breaking news for IDG Communications. Follow Patrick on Twitter at @patrick_budmar.