Infocomm Security: Software Bugs
SOFTWARE BUGS
PRESENTED BY CASSEY LOW
WHAT ARE BUGS?
• An error or fault in a program's code, introduced during the development stage, that the programmer missed
• Finding and fixing bugs may require high-level programming skills, especially when there are millions of lines of code
DEBUGGING
• To debug is to find and fix bugs.
• Often more time and effort is spent on finding & fixing bugs than on writing new code.
• The use of a debugger makes debugging easier & less time-consuming
• Some bugs take effect only when certain conditions are triggered, so they might be missed in testing
EFFECT OF BUGS
• Some bugs may go undetected for a long time
• Programs may freeze or crash
• Security problems may enable malicious users such as hackers to perform privilege escalation
TYPES OF BUGS
• Logic bugs: logic errors in program code (e.g. infinite loops); usually harder to notice when there are many lines of code, so some may go unnoticed
• Syntax bugs: using the wrong operator; many programming tools (e.g. NetBeans, Eclipse) check for & show the error made
• Arithmetic bugs, resource bugs, teamworking bugs, interfacing bugs, performance bugs, multi-threading programming bugs
WHAT CAN YOU DO WITH A BUG?
• They can be used as weapons in cyber warfare: in May 2014, the US indicted 5 members of the Chinese army for stealing data from American companies (e.g. Westinghouse & Alcoa)
• Use it for zero-day attacks
• Sell it for profit
• Fix it and take preventive measures
WHAT WOULD HAPPEN IF IT ENDS UP IN THE HANDS OF…
• Malicious users: bugs may be sold to bug brokers, cybercriminals and cyberterrorists, leading to zero-day attacks
• Software makers: fix it and release a patch for the bug
• Software security companies (e.g. Exodus Intelligence): sell bugs to their clients, which range from software makers to government organisations
EXAMPLES OF BUGS & PROBLEMS CAUSED
• Stuxnet (2009, the first true cyber weapon), Heartbleed (recent - 2014), Y2K (Year 2000 problem)
• Serious problems can arise depending on how the bugs are exploited.
• In the medical industry, bugs in the code controlling a therapy machine caused some patients' deaths (1980)
• Bugs cost the US economy an estimated $59 billion yearly
IN A NUTSHELL
• Bugs can be useful depending on how they are used.
• Bugs help us to find new ways to prevent more bugs from being created
• The more bugs we analyse, the more we can learn & improve our programming skills.
THIS PRESENTATION IS BASED ON…
• Grossman, L., 2014. The Code War. Time Magazine, p. 16.
• Wikipedia, 2012. Software bug - Wikipedia, the free encyclopedia. [Online] Available at: http://en.wikipedia.org/wiki/Software_bug#Well-known_bugs
THANK YOU!
Let's learn from bugs!