Surprising as it may be, the programmers that code the applications and software for use by million and millions of people all around the world are the main reason why these get hacked or compromised so often. Previously, the common notion was that hackers are supernatural human being with extraordinary capabilities which allow them to break into any system but as it turns out that it was the programmers’ fault all along. Different researches conducted by various different companies have revealed that the re-use of software by the programmer in the development process makes the software or application vulnerable to threats and attacks from the outside. If a serious thought be given to the matter, it becomes strikingly clear that all this time, this has been the prime reason as to why there has been an exponential rise in cybercrimes and hacking attacks. The digital world as we know it, is not safe from loop holes that are waiting to be exploited by an able evil genius like a ticking time bomb.
Our modern day environment is dynamic and fast-paced. The programming world is no exception to it and therefore, companies today want to push out as many softwares as they can in the minimum time frame. This has led to an increase in the pressure on the programmer to write that price of software as quickly as he can. In cases, where pressure from the company is not the key factor, developing a software from scratch while all the building blocks can be easily found on the Internet, seems like a waste of code and efficiency. Therefore, to utilize their time in more productive tasks, programmers these days tend to re-use the code already developed by third parties and employ it in their code.
Chris Wysopal, co-founder and executive at software security company Veracode had to say the following on the matter:
“That’s the trend — to reuse as much code as possible. It speeds up production time and lets software programmers work on solving new problems instead of reinventing the wheel.Everything is good about that except for the inheriting-vulnerabilities part.”
Essentially all the software that we are using today, starting from the application on our smartphones to the games that we play, everything has been constructed using the code that was developed by somebody else. Only the operating systems are a liability to the reuse of software and therefore, all our information and data is at a risk of being exploited because all of use one or more application that make use of such spun off software.
Who is at risk?
Everybody, including the government run websites are at a risk of misuse of data. All of us have witnessed incidents like abuse of the social security numbers of citizens and release of critical information that no common citizen has access to otherwise. The reuse of software has left none safe. Various organizations have analyzed software, applications and websites run by the government as well as the private sector. The company Veracode, in this regard had to report that, 6.9 million flaws in more than 200,000 scripts were found as a result of inspections. 4.7 million of these flaws were fixed.
There are others like Sonatype, who are essentially performing the same task but do not consider the practice of reusing or simple copy/pasting of code lethargic. Chief technology. Sanotype, Joshua Corman has checked government funded websites for bugs and states that such websites consist of numerous bugs making them an easy target for attacks. This is the reason why attacks on the officially funded websites have been on a rise in the previous years. Not only have that retail stores like Target also been proved to have many weak links in the software that they have deployed. The reason is the same; use of third party software without properly analyzing and scrutinizing it. Sadly, the basis for the use of any third party script is that it gets the job done. There are practically zero testing standards to ensure the safety of the code being reused.
In many of the cases, the softwares deployed lack even the most basic, data encryption features and if they do, they are buggy owing to the fact that they have been constructed using already existing piece of code.
How to eradicate the problem?
Wysopal, was of the opinion that, “The pace of software development is only speeding up, meaning the problem is harder to keep up with. New languages and new environments to write code in are continuously being invented, and companies want to push software out the door as quickly as possible, but speed doesn’t have to sacrifice security. They don’t need to be mutually exclusive. If you build security processes in or if you require vendors to build it in, you can still go fast. It can’t be an afterthought.”
It is clear that only an effort by the concerned companies and the programmers themselves can help control the problem if not eradicate it completely. The existing software and applications need to be checked for vulnerability and the updates to these need to be developed such that all reused software should be free of any loop hole. It is understandable that the reuse of code is essential to maintain efficiency but it is the ethical responsibility of the programmer to make sure that the code that he is reusing is free of any liabilities.
Until and unless these crucial steps are adopted in the form of an ethical practice by the software developing countries or at the state level by implementing a law, we will all be a victim to these security risks. The past holds many unpleasant examples where the misuse of data from both the government and the private companies has led to serious consequences. Perhaps, its about time that we learn from our mistakes for if we continue to live the lives of ignorance, the digital doomsday is just around the corner.