Many of the threats we face today, such as malware (viruses,
worms and Trojans), are due to a wide range of issues including
vulnerabilities in software applications that are exploited in
order to gain unauthorized access to information and
communication systems. Just as access to information is enhanced
by the borderless nature of the information society, so too is
access to vulnerable software applications and systems.
As efforts are made to reduce the impact of spam as a
transport mechanism for the dissemination of malware and other
forms of misuse of information technology, cybercriminals are
changing strategies and exploiting vulnerabilities in software
applications to launch their attacks through web-based
applications. While the industry is well-organized for
addressing vulnerabilities in security software through a number
of standards, accreditation schemes and certification, not
enough is being done to address the shortfall of applications on
which many users rely for the delivery of critical services, in
domains such as health, finance, commerce and public
administration. For developing countries that rely on ICT
applications to enhance access to basic services (such as
e-health, e-government and e-commerce), the threats posed by the
exploitation of software vulnerabilities in order to gain
unauthorized access and control of information systems cannot be
overestimated. Such access could, for example, result in the
modification of critical medical data, with results that could
go far beyond financial losses.
There are regional and national initiatives underway to
address the challenges related to standardizing accreditation
for software applications in order to reduce their
vulnerabilities and make access to the information society more
secure. Such efforts focus mainly on security applications and
devices. They need to be extended to normal applications. It is
vital to leverage the experience of the software and hardware
security industry and take account of existing initiatives and
expertise to design strategies within a framework of
international cooperation. Accreditation schemes, protocols and
standards must also be put in place to address the security
vulnerabilities exploited today by cybercriminals to gain access
to and control of information systems and data.