Software Vulnerabilities by Jesse Young (April 17, 2011)

Title:

How safe are we from attacks

First Impression:

My idea from this is that with the many software that we have that are connected through the internet, we and the software are prone to the hackers and viruses that are all over the internet.

Quote:

“When someone discovers a flaw in software, he or she can choose one of several paths. The simplest of these paths is to do nothing, a less than ideal option, as it leaves the software in a state of vulnerability, waiting to be found or exploited by the next person.”

Reflection Proper:

With the information systems present in the digital age, system software are present all around us from the ticketing system of a train, systems that runs the business like SAP, and many more. All of these systems runs on a software and some of these software may or may not be secured from outside attacks or hacks. Just like an example in the article where a group from MIT was able to found an exploit in the Massachusetts Bay Transportation Authority wherein they are able take advantage of the free transportation. They then reported their findings in DEF CON which is a hacking conference held in the US. Like in this example the software today may or may not be perfectly secure from hacks, people can still find loopholes or try to infiltrate these software an exploit it to their advantage. When we are able to find these loopholes or hacks, we have decisions where we can choose form. One is to not tell anyone about it but it will only lead to another person finding it in the future. Second is to notify the company or the vendor that uses that system but by doing that it can lead to accusation and lawsuits that are saying you are invading their system or exploiting it. The last decision you can make is like what the group in MIT did where they revealed it to the media with good intent. In a Philippine setting I think that only the first choice is made by leaving that system on its own and still vulnerable because I think that most of us are still scared in revealing what is the truth where the media here can just cover those up or even use it against you. But it is best to let the vulnerability be known so that it can help prevent further or future vulnerabilities. 

5 Things That I've learned (List down 5 things that you've learned from the article)

1. All software are prone to vulnerabilities.

2. People have many choices when they find an exploit or vulnerability in a system.

3. Sometimes finding vulnerabilities can also help the company or vendor.

4. Software nowadays can never be perfectly secure.

5. Software vulnerabilities are also present online.

5 Integrative Questions 

1. What will you do when you find a vulnerability to a software?

2. What will you do when someone find a loophole in your software?

3. Do you think it is ethical to hack or find a loophole in a software or system?

4. Do you think there is another choice you can make when you find a vulnerability in a software?

5. Is there any way to prevent software vulnerabilities from happening?