Emergence of safety gaps

A safety gap results from program errors. Since a program consists of very many lines code, it is usually very with difficulty if not even not possibly to prepare a program error free.

Roughly estimated one can say that a programmer per 1.000 program line inserts an error; with 1.000.000 lines thus about 1,000 errors are to be expected. If with the alpha and beta process not all errors are found, an incorrect product is sold.

Utilization of safety gaps

These program errors make it for a Cracker possible for example to penetrate into a computer system and implement programs, which can there harm. One of the most frequent errors, which is used for the penetration into computer systems, is the buffer overflow. Lacking one or at all missing examination of the copied data set leads to the overwriting of other program sections, which is used by hackers purposefully for changing the program or bringing in strange program sections.

Handling safety gaps

In Closed SOURCE applications so mentioned the manufacturer of the program provides the necessary Patch. In open SOURCE and free software are it mostly several developers, scattered in the whole world, which write a Patch for it, as soon as the error was discovered and published on relevant web pages.

Related links

Safety gaps published up:

• Bugtraq (archives; English)
• Full Disclosure (archives; English)
• scip AG (archives; German)
• Heise Security
• Computec.ch of Marc Ruef

Explanations:

• Article "“risk formula for safety gaps found"” of Roland Kissling
• Description by Felix Mueller Sarnowski and Martin upper Meier

Examples

Examples are in of the: Category: Safety gap

Articles in category "Safety gap"

We found here 21 articles.