Behind the information systems that electronically govern almost every aspect of our lives, there are applications and databases that process and keep our data. If the application and the database .parts of system that we all implicitly trust to process and hold our critical or sensitive data. are not secure, the potential impact on our lives, and even on our broader society, could be devastating.
In many cases, deploying network security countermeasures can defend our system against malicious attacks. But in other cases, the original vulnerability lies with the software. Software can be correct without being secure. Software can meet every requirement and perform every specified action flawlessly, yet still be exploited by a malicious user. Even after putting so much time, money, and effort on network security, the potential problems will still be there as long as the application.s and database.s security vulnerabilities get no serious attention.
Some of the vulnerabilities .perhaps. are already discovered over the years as we deploy the application and the database. The rest of the software vulnerabilities remain undiscovered, but they.re there. They all have the potential to be discovered and be exploited.
Something that matters: by whom.