Many of the threats we face today, such as
malware (viruses, worms and Trojans), are due to a wide range of
issues including vulnerabilities in software applications that
are exploited in order to gain unauthorized access to
information and communication systems. Just as access to
information is enhanced by the borderless nature of the
information society, so too is access to vulnerable software
applications and systems.
As efforts are made to reduce the impact of
spam as a transport mechanism for the dissemination of malware
and other forms of misuse of information technology,
cybercriminals are changing strategies and exploiting
vulnerabilities in software applications to launch their attacks
through web-based applications. While the industry is
well-organized for addressing vulnerabilities in security
software through a number of standards, accreditation schemes
and certification, not enough is being done to address the
shortfall of applications on which many users rely for the
delivery of critical services, in domains such as health,
finance, commerce and public administration. For developing
countries that rely on ICT applications to enhance access to
basic services (such as e-health, e-government and e-commerce),
the threats posed by the exploitation of software
vulnerabilities in order to gain unauthorized access and control
of information systems cannot be overestimated. Such access
could, for example, result in the modification of critical
medical data, with results that could go far beyond financial
losses.
There are regional and national initiatives
underway to address the challenges related to standardizing
accreditation for software applications in order to reduce their
vulnerabilities and make access to the information society more
secure. Such efforts focus mainly on security applications and
devices. They need to be extended to normal applications. It is
vital to leverage the experience of the software and hardware
security industry and take account of existing initiatives and
expertise to design strategies within a framework of
international cooperation. Accreditation schemes, protocols and
standards must also be put in place to address the security
vulnerabilities exploited today by cybercriminals to gain access
to and control of information systems and data.