Question
This question concerns the risks to software from user input. Many software applications can be damaged by inappropriate input (for example, buffer overflow or SQL injection attacks can occur). Suppose an organization tries to control this problem by requiring, as a policy, that before any software application is installed on any machine in the organization, the Chief Security Officer has checked that the application program is not at risk from bad user input. Discuss the impact of this policy on the likelihood or extent of damage caused by an attack, and on the normal work of the organization.
Explanation / Answer
Dear user,
By implementing a policy where any software application, before being installed on any machine in the organization, has to be checked by the Chief Security Officer (CSO), the risks caused by bad user input can be minimized to a certain extent. The damage caused by such risks can be reduced. As the Chief Security Officer checks for bad user input, the risks will be reduced and the application can be successful.
But this policy may disturb the normal work of the organization. It may interrupt some functioning. Having every application program checked by the CSO is a huge task. It requires more effort. It involves a huge workload for the CSO and is also time-consuming.
Since each application has to be checked before installing, the work may be stopped temporarily. The application cannot be started immediately. As there will be many systems in an organization, verifying all the applications on each system takes more time, and one may wait a long time for its verification to complete; in the meanwhile, all its functions may be stopped. Hence it disturbs the normal work.