INTRODUCTION: VULNERABILITIES REMAIN MISUNDERSTOOD
Software vulnerabilities are a reality for everyone who uses technology. Every month, software companies release patches to fix vulnerabilities discovered in the devices we use every day. Windows, macOS, Linux, iOS and Android all receive patches regularly after new vulnerabilities are discovered in their operating systems. Vulnerabilities are not limited to operating systems: software applications, mobile device apps, and even software components are also prone to bugs that could give threat actors a foothold into a system. While we all live with the dynamic state of Internet-connected software, vulnerabilities remain a misunderstood part of our lives.
For simplicity’s sake, this paper will address three basic types of software (operating systems, applications/apps, and software components), as well as firmware. All of these are susceptible to vulnerabilities and will likely have patches released by their respective software vendor, provided the software is supported by that vendor.
1. Operating System: Software that manages computer hardware and resources. Examples are Windows, macOS, Linux/UNIX, iOS, Android.
2. Applications/Apps: Software that runs in an operating system and is used to add functionality and perform specific tasks. Examples are Excel, Google Chrome, Zoom, Adobe Photoshop, Instagram, and Spotify.
3. Software Components: Software that is used to add functionality to other software. Often software developers use proven, well-tested software components to add features to their software rather than writing something from scratch. For example, web servers tend to use OpenSSL, the software that gives you the encrypted connection between your browser and the web server. Examples are Log4j and OpenSSL.