Software security has evolved into a full fledged industry with the growth of the Software Industry itself. There have been many instances where in organizations had to shut down business because they were unable to guard their intellectual assets.
There are many factors which have triggered the need for better software security solutions. These factors have with time increased themselves manifold and in turn have given a lot of opportunity and space for software security measures to innovate and flourish.
The foremost factor that has contributed heavily in the development of security measures is the connectivity of computers with each other. Be it internet, intranet, WAN, or LAN all have their share in contributing to the growth process. Connectivity over the internet has increased the number of attackers and the ease with which the attacks can be made. Access through a network does not require human intervention thus launching automated attack is easy and sometimes difficult to trace.
Our systems have become extensible that is we are ever ready to accept updates and extensions which are called mobile code. This functionality of the system has an incremental value for the system that we use. Today the marketplace demands that majority of the applications provide new features with each release. The main drawback of these extensile systems is that unwanted and malicious bits of code slip in along with the ones that are necessary to be installed in from of extensions.
The complexity of the codes on which applications work is yet another reason for the growing concern among programmers and coders. To take an example Windows XP consists of 40 million lines of codes. Languages such as C and C++ which form the basis for the majority of applications being developed it is not really possible to prevent even simple lines of attacks.
Everybody is of the view that more code means more bugs. Thus more complex a code in the development of an application chances are that it will be troubled by many bugs until and unless a proper checking and debugging session is not taken.