Programming mistakes cause most software vulnerabilities. A common mistake is failing to check the size of data buffers, a kind of storage bin of memory where a computer process executes its functions. When a buffer overflows, it overwrites data in adjacent memory buffers. This corrupts the stack or heap areas of memory, which may enable the execution of an attacker’s code on that machine via a virus, worm, or other offensive exploit.
Security experts estimate that about five to twenty bugs exist in every thousand lines of software code, so it’s no surprise to see regular reports of new vulnerabilities with related patches and workarounds. Your risk of vulnerabilities rises with the use of General Public License software, particularly because implementers plug in untested modules of object oriented programming code. When the quality of code is limited, bad, or just plain wrong, experts call it “non-robust”. Modules of code placed in the public domain may include non-robust implementations of Internet protocol standards, making them easy targets for attack when used in a real-world network.
Vulnerabilities must be identified and eliminated on a regular basis because new vulnerabilities are discovered every day. For example, Microsoft releases advisories and patches on the second Tuesday of each month – commonly called “Patch Tuesday”.
The exploitation of vulnerabilities via the Internet is a big problem that needs an urgent proactive control and management. That’s why organizations require using Vulnerability Management to identify and exclude vulnerabilities in order to reduce the security risk and prevent exposure.