T 0.28 Software Vulnerabilities or Errors
The following applies to all software: the more complex it is, the more likely it is to contain errors. Even after intensive testing, usually not all errors are detected before the software is delivered to the customer. If software errors are not detected early, the resulting crashes or malfunctions of the application can have far-reaching consequences. Examples include incorrect calculation results, wrong decisions at management level, and delays in the workflow of business processes.
Software vulnerabilities or errors can lead to serious security gaps in an application, in an IT system, or in all IT systems networked with it. Under certain circumstances, attackers can exploit such gaps to introduce malicious software, to access data without authorisation, or to carry out manipulations.
Examples:
- In recent years, the most frequent warnings issued by Computer Emergency Response Teams (CERTs) concerned security-relevant programming errors. These are errors made when programming software that allow attackers to misuse it. A large proportion of these errors are caused by buffer overflows.
- Internet browsers are now an important software component on clients. Browsers are frequently used not only to access the Internet but also for internal web applications in companies and public bodies. This is why software vulnerabilities or errors in browsers can have a particularly strong impact on information security as a whole.