Self-inflicted vulnerabilities

Naval War College Review,  Autumn, 2004  by Stephen D. Wolthusen

• E-mail
• Print
• Link

For their part, most commercially available microprocessors have a sizable number of "errata," documents detailing known problems and, where possible, work-arounds. Such errors have occasionally garnered much public attention, with customers demanding replacement of defective parts. Nonetheless, the incentives for software vendors are somewhat different. For them it is cost-effective to ship a product with possible, suspected, or even known defects and, by and large, correct them only when reported from the field. This practice appears to be accepted by virtually all users of COTS products. (12)

Most Popular Articles in News

The Ten Best Laptop bags

Tata plans cheapest-ever car for Indian market

GLOBALIZATION AND THE DEVELOPMENT OF UNDERDEVELOPMENT OF THE THIRD WORLD

Corn is good for you; Corn is not only a tasty treat, but also a cereal that ...

THE 50 BEST STYLISH HANDBAGS TO CARRY

More »

Thus, it is frequently possible simply to replace a microprocessor or other electronic component with a newer, functionally equivalent component as it reaches the end of its service life. In software-based systems, however, not only functionality of obsolete and ill-defined software must be reproduced but, frequently, its defects as well. The behavior of the actual system may well depend on fixes and work-arounds installed in the old equipment.

This situation has led, particularly in the financial services industry, to cases of decades-old financial software running on multiple layers of simulated operating systems and "middleware" components--not unlike Russian matryushka nesting dolls. Each of these layers introduces its own defects and uncertainties, limiting overall efficiency and ultimately assurance. As a result, presumably, the reliability of complex software-based systems drops. Options to redress this quandary are quite limited, since frequently when defects and vulnerabilities are discovered the remedies require configuration changes (for both hardware and software, the former often necessitating the latter) beyond the immediate corrective measure.

A second, related problem is the tendency of software systems to make use of the rich functionality available in COTS systems or systems assembled from existing components. The dependencies introduced in commercial systems are less well known than for government in-house, or GOTS, components. This introduces a further web of unknowns. Situations can result where repairing a defect in one component generates cascading side effects, possibly rendering the entire system unusable--even when the components are all from a single vendor. These dependencies produce systems for which the traditional last resort of "life-of-type buys" is simply not feasible, particularly once vulnerabilities become publicly known; for which reengineering--just as with civilian systems--is frequently a euphemism for complete redevelopment; and for which assurance in mission-capability declines precipitously over time as new elements and components are introduced into already underdefined designs.

The alternative of developing and maintaining similarly feature-rich systems with provably high assurance, however, is likely not to be palatable to decision makers except under the most dire requirements, and even then it may not be feasible. An example of such an attempt was the onboard flight control software of the Space Shuttle program. This software, though far less complex than that associated with most COTS-based environments and so, one might have expected, less expensive, has cost in excess of a hundred million dollars to maintain. (13) Indeed, the very concept of mechanized proofs of correctness has been the subject of intense scrutiny. (14)

Find Research Guides for:

• Abortion
• ADHD
• AIDS
• Alternative Energy
• Alternative Medicine
• Cancer
• Capital Punishment
• Cloning
• Hate Crime
• Cryonics
• Drug Abuse
• Eating Disorders
• Gay Issues
• Global Warming
• Holidays
• Immigration
• Medical
• Men's Health
• Mental Health
• Real Estate
• Stem Cells
• Women's Health

Find Featured Titles for: Reference

• Academe
• African American Review
• African Arts
• African Studies Review
• Afro-Americans in New York Life and History
• Alabama Heritage
• Alabama Review
• American Mathematical Monthly, The
• Anglican Theological Review
• Annals of Dyslexia
• Arab Studies Quarterly (ASQ)
• Auk, The
• Australian Journal of Anthropology, The
• Christian Century
• Natural History

Most Popular Articles in News

• The Ten Best Laptop bags
• Tata plans cheapest-ever car for Indian market
• GLOBALIZATION AND THE DEVELOPMENT OF UNDERDEVELOPMENT OF THE THIRD WORLD
• Corn is good for you; Corn is not only a tasty treat, but also a cereal that ...
• THE 50 BEST STYLISH HANDBAGS TO CARRY
• More »

Most Popular Publications in News

• Oakland Tribune
• Daily Herald (Arlington Heights, IL)
• Independent, The (London)
• Gazette, The (Colorado Springs)
• Deseret News (Salt Lake City)
• More »