Software’s Importance

Application system controls come in various flavors with many different goals. They can control input, processing, number-crunching methods, interprocess communication, access, output, and interfacing to the system and other programs. They should be developed with potential risks in mind, and many types of threat models and risk analyses should be invoked at different stages of development. The goal is to prevent security compromises and to reduce vulnerabilities and the possibility of data corruption. The controls can be preventive, detective, or corrective. They can come in the form of administrative and physical controls, but are usually more technical in this context.

The specific application controls depend upon the application itself, its objectives, the security goals of the application security policy, the type of data and processing it is to carry out, and the environment the application will be placed in. If an application is purely proprietary and will run only in closed trusted environments, fewer security controls may be needed than those required for applications that will connect businesses over the Internet and provide financial transactions. The trick is to understand the security needs of an application, implement the right controls and mechanisms, thoroughly test the mechanisms and how they integrate into the application, follow structured development methodologies, and provide secure and reliable distribution methods. Seems easy as 1-2-3, right? Nope, the development of a secure application or operating system is very complex and should only be attempted if you have a never-ending supply of coffee, are mentally and physically stable, and have no social life. (This is why we don’t have many secure applications.)
