A bug is an error in a computer program or hardware. While usually the result of programmer error or oversight, bugs can also be introduced into a program through compiler error, incorrect assumptions about hardware or software interfaces, or can be intentionally coded into software to create obfuscated interfaces or back doors. While bugs often cause software to crash or produce unexpected results, certain types of software bugs can be exploited to gain unauthorized access to otherwise secure computer systems.
Security bugs are the focus of most of the development in the virus and spyware industries. Common programming errors can lead to many types of exploitable code such as buffer overflow vulnerabilities, poor exception handling, and race condition hazards. In the early days of the malware industry, the hunt for exploitable bugs was a race between who could find the bugs first. Depending upon who first identified any particular bug, the bug was either exploited or patched before exploitation. As the sheer quantity of bugs found in the dominant desktop operating system, Microsoft Windows, was too much to patch given the resources of the anti-malware industry, focus had shifted from patching all exploitable code to patching only code that was known to be currently exploited. Thus, at any one point in time as many as 50 known bugs could be found in Microsoft Windows alone, and hundreds more in application-level software.
The earliest written record of the term "bug" describing engineering error was written by Thomas Edison, in reference to usage of the word and obviously not as the inventor of the term. As Edison's inventions spread, so did his terminology and vocabulary. Thus, Edison is credited with proliferating the term bug, even if it does not list among his 1,093 US patents. The first known incident of an actual bug causing a computer failure was the famous Mark II incident in 1947, in which a large moth had short-circuited a critical relay. After the offending insect was removed from the machine it was taped into the computer's log with the note "First actual case of bug being found".
Programming Security Technology Terminology Questions
7 more days...