Back in the days when dial-up modems were flashy technology, David Lightman (played by Matthew Broderick) said in the 1983 movie WarGames, “I don’t believe that any system is totally secure.” The wisdom of those Hollywood words has been proven time and again. So, any claim that a particular software package is free of bugs—particularly those that enable hackers to compromise the system—is false.
At InfoWorld, Roger A. Grimes said, “When a [software] product goes mainstream, hundreds or thousands of unwanted code reviewers and product testers start pounding on it. They’ll find the bugs that others did not find—and if the vendor is unlucky, they’ll use that evidence to scare away customers.” Anyone who has written software, even small programs, knows that the confounded inflexibility of computers means the software will often do things its creator didn’t or couldn’t predict. Testing by others, including professional firms, can be of tremendous value, but given the size of many programs today, identifying every weakness is simply impossible. Grimes also noted that “no single code reviewer or hacker team ever finds every bug. They find every bug they’ve been trained to find by their tools and experience in the amount of time they’ve been given. Add more teams (for experience, skills, and tools) and in time, you’ll find more bugs. That’s 100 percent guaranteed.”
As systems become more complex, so does the task of securing them. That situation implies that enterprising hackers may have an even greater opportunity to successfully breach those systems. The news headlines regularly proclaim the latest breach, from the case of the U.S. Office of Personnel Management (OPM) to a recent compromise at the Internet Corporation for Assigned Names and Numbers (ICANN). Perhaps it’s common sense: simply file this one away under “nothing is perfect.” Perhaps, however, the complexity of IT systems is running up against a limit in what it can economically secure. Time will tell.