
What Is the Relationship Between Software Lines of Code and Security Bugs?

Our world today is more connected than ever. We have our pacemakers, 3D printers, insulin pumps and even cars connected to the internet. Moore's law states that the number of transistors on integrated circuits doubles every two years. Or, in simple terms, processing speed will double every two years, or 18 months, or 12 months.

With the drastic growth in processing power, we saw a steep increase in internet-connected systems and software. Millennials are too dependent on the internet and apps for personal data storage, banking, studies and even employment. The source code of the Apollo 11 guidance system that took the US to the moon and back was published on GitHub. It contains 145,000 lines of code (LOC). Now compare that with a space shuttle, which uses 400,000 LOC, the Curiosity rover at 2.5 million LOC, Android at 12 million LOC, and Google services at a whopping 2 billion LOC.


Many studies state that, on average, there are around 30 to 50 bugs per 1,000 LOC. If we do the math, that is nearly 1.5 to 2.5 million software bugs for 50 million lines of code. As a result, we see a steep increase in security vulnerabilities, since codebases are growing rapidly.

End of Moore's Law

Most industry experts suggest that Moore's Law has reached its end. Moore's Law has been driving the digital revolution for more than half a century. There are a few new technological architectures emerging which will be commercialized within 10 to 15 years. The growth of quantum computers and neuromorphic computing will threaten current technologies such as the PKI systems that are used for encrypting our internet traffic.



Ever-Increasing Vulnerabilities in Technologies and Software Products

The graph below shows the rate of increase in publicly disclosed vulnerabilities (CVEs) each year. Notice that 2017 has the maximum number of vulnerabilities disclosed. This is due to multiple factors, such as the increase in internet-connected devices and technologies.


Software companies and developers must focus on the real problem of fixing security bugs in their systems rather than focusing on the background noise.

Reference:
CVE Details: http://www.cvedetails.com/
Image Source: https://www.itworld.com/article/2725085/big-data/curiosity-about-lines-of-code.html
