Many of the security issues facing computers and networks are born out of small and careless mistakes made in software. In the case of The Cuckoo's Egg by Cliff Stoll, it was just a few lines of code that was ommitted from a popular program that allowed a hacker total control over a 6 million dollar system. These types of mallicious attacks crawl and creep their way through these tiny cracks and holes in software to take over and abuse a system.
With much of the world running on computer systems, computer security is an important topic. Just as in the physical world you would never build a house without any locking doors, or a bank vault with holes in the walls, software should take the same security precautions to prevent intruders, yet so many of our "bank vault" and "home" builders don't know how to install locks. So much of the curriculum in software design focuses on building fast, reliable, and amazing systems, but there is often far too little education on protecting the terrabytes of sensative information that could potentially flow through these systems.
Interesting point. It's funny that despite having taken a number of CS classes up to this point, I've been taught virtually nothing on the topics of security. Nothing about SQL injection, XSS, or anything. There is a security class, but that's a 400 level class and there's only one. We could definitely use more of this topic.
ReplyDelete