Security

Security demands a rigor like that of other computing areas that require high quality … In security, the universe is by definition hostile: a malicious agent actively seeks to cause a failure.

The general-purpose computing environment that characterizes the PC and Internet was not designed for privacy or integrity.

All this personal connectivity has a price: at times, people deal electronically with people they do not know, cannot name, and certainly have no basis to trust.

Measurement of software security is an ongoing research field. Privacy is also becoming an imperative target as social networking and ubiquitous computing evolve and users exchange high volumes of personal information. However, security and privacy alone don't guarantee proper data protection; software must also be dependable.

Software enables every aspect of the Web. Everything from device communication to online social networks is achievable only because of multiple lines of code. For various reasons, designing and building security and privacy into Web software is often an afterthought for most developers. This results in easily compromised systems that pose significant privacy and security risks to users.

Many software systems today control large-scale sociotechnical systems. These systems aren't just entangled with the environment but also with our dwindling resources and mostly unsustainable way of living, while the planet's population continues to grow. Dealing with sustainability requirements and systematically supporting their elicitation, analysis, and realization is a problem that has yet to be solved.

The ramifications of failing to completely and correctly address security can devastate an organization, not only in compromised data and financial cost but also in the time and energy spent to recover.

Buffer overflow vulnerabilities are perhaps the single most important security problem of the past decade.

Most commercial software producers guard access to the source code of their systems, making it difficult for anyone outside their organizations to apply a variety of measures that could potentially improve system security. But since an attacker could also examine public source code to find flaws, would source code access be a net gain or loss for security? … having source code available should on balance work in favor of system security.

Jslint … statically scans Java source code looking for potentially insecure coding practices. Automated source code scanning tools can help programmers easily prevent some types of bugs.

Measurement of software security is an ongoing research field. Privacy is also becoming an imperative target as social networking and ubiquitous computing evolve and users exchange high volumes of personal information. However, security and privacy alone don't guarantee proper data protection; software must also be dependable.

Software enables every aspect of the Web. Everything from device communication to online social networks is achievable only because of multiple lines of code. For various reasons, designing and building security and privacy into Web software is often an afterthought for most developers. This results in easily compromised systems that pose significant privacy and security risks to users.

Privacy is a critical design principle that must be balanced with how we utilize personal data in software. … the increasing importance of privacy in emerging software ecosystems, legal and standards compliance, and software design practice.

The changing global business environment and continued introduction of new technologies are significantly affecting organizations' privacy practices. In this environment, privacy-enhancing technology (PET) often becomes a key to protecting personal information.

All this personal connectivity has a price: at times, people deal electronically with people they do not know, cannot name, and certainly have no basis to trust.