Developers often think of software quality in terms of faults and failures. Faults are problems, such as loops that never terminate or misplaced commas in statements, that developers can see by looking at the code. Failures are problems, such as a system crash or the invocation of the wrong function, that are visible to the user. Thus, faults can exist in programs but never become failures, because the conditions under which a fault becomes a failure are never reached. How do software vulnerabilities fit into this scheme of faults and failures? Is every fault a vulnerability? Is every vulnerability a fault?
What will be an ideal response?
Vulnerabilities are both. Not every vulnerability will be visible to developers, since, for example, vulnerabilities may exist because of context of use. (For example, consider a program that displays warning messages about credit card authorization failures. Displaying this information is not a vulnerability if only clerks can see the screen.) Not every fault that developers can see is a vulnerability; some faults might be in code that cannot be reached.