Security is a topic of great concern to all software developers. Software that meets its functional requirements while also providing tight and impenetrable security features and controls is what all organizations and individuals want. However much security implementation in software has advanced, vulnerabilities have always been found in it. Some security risks stem from poor development of the software, while others are due to poor policy frameworks and poor usage of the software. In the past, there have been software security breaches that ended up causing undesired effects to the parties affected.
Software security problem cases
In the year 2008, a conman walked into one of the Barclays branches and posed as its chairman Marcus Agius. He succeeded in withdrawing more than ten thousand pounds in total. It was reported that the conman had found Mr. Marcus Agius' details online and taken advantage of them. This case shows how online systems used by banks can be breached through poor development or poor application of user policies. Although the bank reported that it has a 100% fraud-guarantee system that guarantees the safety of customers' information, the fraudster still found a chance to steal Mr. Agius' data.
The greatest breach of all time happened to TJX Companies in the year 2007. It was reported that the company had its computer system hacked and clients' information stolen. The severity of the attack was so great that the company had to spend more than five million dollars to improve the security features of its systems in order to safeguard more than 45.7 million clients' data.
The security card company Heartland Payment Systems Inc. was also affected by a security breach in the year 2009. It is reported that more than 100 million customers' data was stolen. Fortunately, the culprits were captured and indicted.
Apple's iPad software was also affected in the year 2010. Early users realized that their information had been compromised due to poor software applications running on the devices. More than 100,000 users had their accounts compromised.
Epsilon, one of the largest email marketing providers, had its databases hacked in April 2011. Some of the company's clients include Visa and Citigroup. It is believed that some of the clients' data was stolen in the attack.
More than 70 million users of the Sony PlayStation may have had their credit card information stolen due to a hack into the system earlier this year. The PlayStation service was taken down by the company for almost two months in a bid to repair it.
Preventing the problems
Software applications should be designed around modularity to ensure that interdependency is minimized (Dines, 2006). This ensures that corruption in one module cannot significantly affect another module. In addition, the open-closed principle should be applied: software entities such as classes and modules should be designed and implemented so that they are open for extension but closed for modification.
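As an added illustration of the two design rules above (not part of the original essay), the following Python sketch assumes a hypothetical banking authorization module: the evaluation loop in Authorizer is closed for modification, new concerns are added only by registering further Rule subclasses, and a fault inside one rule module is contained and fails closed rather than corrupting the overall decision.

```python
from abc import ABC, abstractmethod
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:  # constructed sample input: a withdrawal request
    user: str
    role: str
    amount: int
class Rule(ABC):
    """Fixed contract every rule module implements; never modified."""
    @abstractmethod
    def check(self, req: Request) -> bool: ...

class RoleRule(Rule):
    def __init__(self, allowed: set[str]):
        self.allowed = allowed
    def check(self, req: Request) -> bool:
        return req.role in self.allowed

class LimitRule(Rule):
    def __init__(self, limit: int):
        self.limit = limit
    def check(self, req: Request) -> bool:
        return req.amount <= self.limit
class BrokenRule(Rule):  # hypothetical faulty module: raises instead of answering
    def check(self, req: Request) -> bool:
        raise RuntimeError("rule backend unavailable")

class Authorizer:
    """Closed for modification: the evaluation loop never changes.
    Open for extension: a new concern is added by register(), not by editing."""
    def __init__(self) -> None:
        self._rules: list[Rule] = []
        self.log: list[str] = []
    def register(self, rule: Rule) -> "Authorizer":
        self._rules.append(rule)
        return self
    def authorize(self, req: Request) -> bool:
        for rule in self._rules:
            try:
                ok = rule.check(req)
            except Exception as exc:
                # A fault in one module is contained and the decision fails closed.
                self.log.append(f"{type(rule).__name__} error: {exc}")
                return False
            if not ok:
                self.log.append(f"{type(rule).__name__} denied {req.user}")
                return False
        return True

def build_authorizer() -> Authorizer:
    return Authorizer().register(RoleRule({"teller", "manager"})).register(LimitRule(10_000))
```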
During the design process, developers should establish proper assessment methods to evaluate the security level of the system before deployment. Application design assessment evaluates the security of an application, or of a module within an application, taking into consideration the modularity and cohesion of its modules. As the code is developed, it has to be reviewed to identify, prioritize and remedy the security issues related to it. Penetration testing is also done to establish the extent of cross-referencing in the code (Dines, 2006).
Finally, there should be an ongoing process of software life cycle review. In this process, a baseline for software security within the organization should be established, and key security goals and objectives identified. Errors or vulnerabilities found in the system should be fixed properly as soon as they are discovered.
BBC Business News. (2008, January 10). Conman poses as Barclays chairman. Retrieved August 17, 2011, from BBC: http://news.bbc.co.uk/2/hi/business/7181741.stm
Dines, B. (2006). Software engineering 3: Domains, requirements, and software design. Basel: Birkhäuser.
Sephra, S. (2011, June 16). The 7 biggest security breaches in corporate history. Retrieved August 17, 2011, from Naked law: http://nakedlaw.avvo.com/2011/06/the-7-biggest-security-breaches-in-corporate-history/