Chapter 28. When Will We Get Rid of All the Security Vulnerabilities?

There are two common ways for malware to get onto a machine:

  • The victim puts it on there himself. This is usually unintentional, as in the case of downloading something like a screensaver that really has malware bundled with it.

  • The user does nothing wrong, but the malware shows up anyway. This occurs because of security flaws in the software.

There are tons of security vulnerabilities in software. They’re swarming all over the place. From 2005 until today, an average of over 7,000 vulnerabilities each year have been publicly disclosed in popular software. There are many, many more vulnerabilities than are publicly disclosed. Some are found and fixed, but there will always be many security vulnerabilities that are never found.

In some sense, we can try to make it as easy as possible for users not to screw themselves, but some people will always fall prey to legitimate-looking scams, so there will always be a problem. But my data suggests that more than half of all malware shows up when the user does nothing wrong. Then there are all the security problems in web applications that can put your data, if not your machine, at risk.

It seems like we should be able to do something about this problem. After all, can’t the developers writing all the software fix it?

Frankly, I don’t see software ever being free of vulnerabilities. Let’s assume for the moment that we already know everything about how software might fail and be ...