What is the relationship between Software Lines of Code and Security Bugs ?

Our world today is more connected than ever. We have our pacemakers, 3D printers, Insulin pumps and even cars connected to the internet. Moore's law states that the number of transistors on integrated circuits would double every two years. Or in simple terms, the processing speed will double every two years or 18 months or 12 months.

With the drastic growth in processing powers, we saw a steep increase in the internet connected systems and software. The millennials are too dependent on internet and apps for personal data storage, banking, studies and even employment. The source code of Apollo 11 Guidance system that took the US to the moon and back was published on GitHub. It contains 145,000 Lines of Code (LOC). Now compare that with a space shuttle that uses a 400,000 LOC, curiosity (rover) 2.5 Million LOC, Android 12 Million LOC and Google services which is at a whopping 2 Billion LOC.

Many researches state that, on average, there are around 30 to 50 bugs in 1000 LOC. Now if we do the math, that is nearly 1.5 to 2.5 Million Software bugs for 50 Million Lines of Code. As a result, we see a high increase in security vulnerabilities since the codebases are on a rapid increase.

End of Moore's Law

Most industry experts suggest that the Moore's Law has reached its end. Moore's Law has been driving the digital revolution for more than half a century. There are few new technological architecture emerging which will be commercialized within 10 to 15 years. The growth of Quantum computers and neuromorphic computing will threaten the current technologies such as PKI systems which is used for encrypting our internet traffic.

Ever-Increasing Vulnerability on technologies and software products

The graph below shows that the rate of increase in publicly disclosed vulnerabilities (CVE) each year. If you notice, the year 2017 has the maximum number of vulnerabilities disclosed. This is due to multiple factors such as the increase in Internet connected devices and technologies.

Software companies and developers must focus on the real problem of fixing security bugs on their system rather than focusing on the background noise.

Reference:
CVE Details: http://www.cvedetails.com/
Image Source: https://www.itworld.com/article/2725085/big-data/curiosity-about-lines-of-code.html

Comments

Digital Dark Age: Information Explosion and Data Risks

“Old formats of documents that we’ve created or presentations may not be readable by the latest version of the software because backwards compatibility is not always guaranteed,” says Vint Cerf, Google’s Vice President and one the fathers of the Internet. Digital dark age describes the belief that the rapid evolution of technology will eventually make storage formats obsolete, and data will not be accessible to generations to come. It’s easy to assume that the data we store will somehow be preserved forever. Vint Cerf calls this phenomenon as ‘ bit rot ‘. Evolution of Digital Storage Magnetic tape was the first storage medium that revolutionized the digital industry. It was first introduced in the year 1928. Over the years, magnetic tape can suffer from deterioration called sticky-shed syndrome , caused by absorption of moisture into the binder of the tape, rendering the tape unusable. Storage of 1024 bits of information was successfully implemented in 1948 using ele...

Difference Between Information Security and Cyber Security

I have been working the cybersecurity field for many years. I have come across people with different levels of technical knowledge, but very few possess the ability to explain a complex technical concept in simple terms. The funny part is, I have also seen people explaining simple concepts in the most complicated form. Understanding and correlating is the mother of all knowledge No technology remains fixed. Technology starts, develops, persists, mutates, stagnates, and declines. With the ever-growing advancement in technology, the amount of time a person spends in understanding the technology is comparatively lower. Gone are the days when children and teenagers would play around with breaking and reassembling toys. Today's children and teenagers spend most of their playtime on gadgets and social media platforms. The ability to break and reassemble things is slowly fading away from the younger generation. The education pattern in schools and colleges must be upgraded to compl...

Purpose - WHY? + HOW? = SUCESS

The value of thinking about "WHY".... Benefits of asking "Why?" will help you in understanding what you are trying to accomplish. It defines success. It creates decision making criteria. It aligns resources. It motivates. It clarifies focus. It expands options. In order to reach our short term or long term goals, we have to analyze the purpose of the action to be performed. Purpose defines Success Lets jump on to the "How" part. Once we have gone through all the stages such as defining goals, aligning resources, clarifying focuses etc. Then comes the implementation. i.e We need to know how those resources and goals can be attained. We all are familiar with the most brilliant, complex and the creative planner in world: our brain. Knowingly or unknowingly we are in ourselves a planning machine. We are planning when we get dressed, go out for dinner or even talk. Human mind instantaneously plans and organizes actions. For example: when...

Search This Blog