To build a strong software security strategy, it’s important to understand the main reasons for insecure software. In this post I will try to summarize some of those reasons, based on evidence shared by great authors and on my own observations.

Before we start, I would like to state that insecure software is not only a technical problem; it’s a social and cultural one too. …


Software is written by people and, by extension, prone to failure. Depending on the problems this software must solve, the impact of that failure can range from negligible to life-threatening. For instance, a segmentation fault produced by an unhandled exception has a very different impact on an e-commerce search functionality than it has on a pacemaker. Ideally, we must focus on delivering secure software, but the world is not ideal, and trade-offs are usually made.

From a computer science perspective, if we can prove the correctness of a program (given a certain specification), then we can guarantee that the program is secure, because no uncertain outcomes can occur. Of course, if the requirements are defined with no security in mind, the programs won’t be secure either. …

About

Alejandro Iacobelli

Software engineer, penetration tester, bounty hunter and Application security professor.
