Securing an insecure world

Why do we have insecure software? That is a question Edward Roback, a computer security expert, is often asked.

"There are many answers," said Roback, chief of the computer security division at the National Institute of Standards and Technology. The first is that anything to do with software is complex, he said, and security is no exception.

A second reason is a lack of standards for secure software. Consequently, everybody tends to have unique ideas about it, Roback told Federal Computer Week.

But even where standards for secure software exist, software testing reveals that programmers often fail to translate standards into correct code, Roback said. Most software is not adequately tested before it is sold and used.

And why is software not thoroughly tested before people start using it? In part, Roback said, because there are few tests available for examining software that are quick, cheap and fast.

Finally, Roback said, software is insecure because not much good advice is available to help people use the security features that do exist in products.

Software security is not only complex but also mysterious, Roback said. "If you go buy a printer, hook it up to a PC and send it something to print, you can tell whether it works," he said.

But if someone hooks up a firewall, for example, it is a mystery whether it works or not. "It sits there and hums, and you don't know if it's doing it right or wrong," he said.

Roback said software security must improve. "I hope that it would get better, but the indications are that it's very challenging to get better," he said.

Software quality is another concern, Roback said. Software quality has implications for usability and even for the safety of human life. "Does the software do what it is intended to do, and does it not do the unintended?

Roback asked, "How do you go about finding out whether there is a trap door or a Trojan horse buried in two million lines of code? It's a very challenging problem," he said, "and a very important one."