Software security

Software security is the idea of engineering software so that it continues to function correctly under malicious attack. Most technologists acknowledge this undertaking's importance, but they need some help in understanding how to tackle it. The article aims to provide that help by exploring so...

Full description

Bibliographic details
Published in: IEEE security & privacy Vol. 2; No. 2; pp. 80 - 83
Main author: McGraw, G.
Format: Magazine Article
Language: English
Published: New York IEEE 01.03.2004
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects:
ISSN: 1540-7993, 1558-4046
Online access: Full text
Abstract Software security is the idea of engineering software so that it continues to function correctly under malicious attack. Most technologists acknowledge this undertaking's importance, but they need some help in understanding how to tackle it. The article aims to provide that help by exploring software security best practices. A central and critical aspect of the computer security problem is a software problem. Software defects with security ramifications, including implementation bugs such as buffer overflows and design flaws such as inconsistent error handling, promise to be with us for years. All too often, malicious intruders can hack into systems by exploiting software defects. Internet-enabled software applications present the most common security risk encountered today, with software's ever-expanding complexity and extensibility adding further fuel to the fire. By any measure, security holes in software are common, and the problem is growing.
Author McGraw, G.
Author_xml – sequence: 1
  givenname: G.
  surname: McGraw
  fullname: McGraw, G.
CODEN ISPMCN
Cites_doi 10.1109/MSECP.2003.1193213
10.1109/MSECP.2003.1176996
10.1109/MSECP.2003.1253571
10.1109/62.666831
10.1109/MS.2002.1049391
ContentType Magazine Article
Copyright Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2004
Copyright_xml – notice: Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2004
DOI 10.1109/MSECP.2004.1281254
DatabaseName IEEE All-Society Periodicals Package (ASPP) 1998–Present
IEEE Electronic Library (IEL)
CrossRef
Computer and Information Systems Abstracts
Technology Research Database
ProQuest Computer Science Collection
Advanced Technologies Database with Aerospace
Computer and Information Systems Abstracts – Academic
Computer and Information Systems Abstracts Professional
Electronics & Communications Abstracts
ANTE: Abstracts in New Technology & Engineering
Engineering Research Database
DatabaseTitle CrossRef
Computer and Information Systems Abstracts
Technology Research Database
Computer and Information Systems Abstracts – Academic
Advanced Technologies Database with Aerospace
ProQuest Computer Science Collection
Computer and Information Systems Abstracts Professional
Electronics & Communications Abstracts
Engineering Research Database
ANTE: Abstracts in New Technology & Engineering
DatabaseTitleList
Technology Research Database
Computer and Information Systems Abstracts
Database_xml – sequence: 1
  dbid: RIE
  name: IEEE Electronic Library (IEL)
  url: https://ieeexplore.ieee.org/
  sourceTypes: Publisher
DeliveryMethod fulltext_linktorsrc
Discipline Computer Science
EISSN 1558-4046
EndPage 83
ExternalDocumentID 2583182841
10_1109_MSECP_2004_1281254
1281254
Genre orig-research
ID FETCH-LOGICAL-c355t-9bab88c8eb101e3fbe8cc2fbc1bffa0a235f71322e3581f85c36bd0b84dacc973
IEDL.DBID RIE
ISICitedReferencesCount 220
ISICitedReferencesURI http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000227718400019&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
ISSN 1540-7993
IngestDate Mon Sep 29 06:40:59 EDT 2025
Sun Sep 28 06:13:53 EDT 2025
Sun Oct 05 00:09:45 EDT 2025
Sat Nov 29 08:10:09 EST 2025
Tue Nov 18 22:18:56 EST 2025
Wed Aug 27 02:49:40 EDT 2025
IsPeerReviewed false
IsScholarly false
Issue 2
Language English
License https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-c355t-9bab88c8eb101e3fbe8cc2fbc1bffa0a235f71322e3581f85c36bd0b84dacc973
Notes ObjectType-Article-2
SourceType-Scholarly Journals-1
ObjectType-Feature-1
content type line 14
content type line 23
PQID 920883022
PQPubID 23500
PageCount 4
ParticipantIDs ieee_primary_1281254
proquest_miscellaneous_901659928
proquest_miscellaneous_28778542
crossref_primary_10_1109_MSECP_2004_1281254
proquest_journals_920883022
crossref_citationtrail_10_1109_MSECP_2004_1281254
PublicationCentury 2000
PublicationDate 2004-03-01
PublicationDateYYYYMMDD 2004-03-01
PublicationDate_xml – month: 03
  year: 2004
  text: 2004-03-01
  day: 01
PublicationDecade 2000
PublicationPlace New York
PublicationPlace_xml – name: New York
PublicationTitle IEEE security & privacy
PublicationTitleAbbrev SECP-M
PublicationYear 2004
Publisher IEEE
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Publisher_xml – name: IEEE
– name: The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
References ref4
Viega (ref2) 2001
ref3
ref6
s1ref2
s1ref1
s1ref3
Walsh (ref5) 2003
Hoglund (ref1) 2004
References_xml – volume-title: Building Secure Software
  year: 2001
  ident: ref2
– ident: ref3
  doi: 10.1109/MSECP.2003.1193213
– ident: s1ref2
  doi: 10.1109/MSECP.2003.1193213
– ident: ref6
  doi: 10.1109/MSECP.2003.1176996
– volume-title: Information Security Magazine
  year: 2003
  ident: ref5
  article-title: Trustworthy Yet?
– ident: s1ref1
  doi: 10.1109/MSECP.2003.1253571
– ident: ref4
  doi: 10.1109/62.666831
– volume-title: Exploiting Software: How to Break Code
  year: 2004
  ident: ref1
– ident: s1ref3
  doi: 10.1109/MS.2002.1049391
SSID ssj0021158
Score 1.2043679
SecondaryResourceType review_article
SourceID proquest
crossref
ieee
SourceType Aggregation Database
Enrichment Source
Index Database
Publisher
StartPage 80
SubjectTerms Application software
Best practices
Buffer overflow
Computer bugs
Computer errors
Computer hacking
Computer information security
Computer programs
Computer security
Defects
Extensibility
Fuels
Internet
Materials handling
Risk
Software
Software systems
Technologists
Title Software security
URI https://ieeexplore.ieee.org/document/1281254
https://www.proquest.com/docview/920883022
https://www.proquest.com/docview/28778542
https://www.proquest.com/docview/901659928
Volume 2
WOSCitedRecordID wos000227718400019&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
linkProvider IEEE
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Software+security&rft.jtitle=IEEE+security+%26+privacy&rft.au=McGraw%2C+G&rft.date=2004-03-01&rft.issn=1540-7993&rft.volume=2&rft.issue=2&rft.spage=80&rft.epage=83&rft_id=info:doi/10.1109%2FMSECP.2004.1281254&rft.externalDBID=NO_FULL_TEXT