Software is everywhere. It runs your car. It controls your cell phone. Many products and services within both the public and private sectors are highly dependent on software to handle the sensitive data on which people’s privacy, livelihoods, health, and very lives depend.
National security, and by extension citizens’ personal safety, relies on complex, interconnected software systems that in many cases use the uncontrolled Internet as their means for communicating and transporting information.
Security practices are not incorporated
Building, deploying, and operating software that has not been developed with security in mind can be high risk. Organizations rely heavily on software to conduct business. Much of today’s software is vulnerable to attack because it has not been developed with security in mind.
Incorporating security practices during development reduces cost (associated with patching and incident response), reduces operational risk, enhances operational continuity and resiliency, and assists in meeting compliance requirements that rely on software.
Software is increasingly being exposed
Organizations often store, process, and transmit their most sensitive information through software that is directly connected to the Internet. This software is increasingly being exposed through the use of, for example, web services.
This enables sensitive information to be accessed and manipulated by other web services, which are themselves software systems, all without human intervention. This increased exposure has made sensitive business information and the software that handles it more visible.
Defects and vulnerabilities in software are growing
The security of computer systems and networks has become increasingly limited by the security of their software. Security defects and vulnerabilities in software are common and are growing significantly because of the exponential growth in the size and complexity of software systems.
The growing Internet connectivity of computers and networks and the corresponding user dependence on network-enabled software have increased the number of attack vectors and the ease with which an attack can be made. This puts software at greater risk.