Bash Software Vulnerability – Addressing the root cause
By Jas Mahrra, on 26 September 2014
TSI Director Tony Dyhouse comments on the recently reported Shellshock vulnerability in Bash software
What is most shocking about this particular situation is that it demonstrates vulnerabilities still exist right at the foundation layers of our software – the operating systems. As a result, everything we layer on top of that can be vulnerable, and this is a totally unsustainable situation. Patching software continues to be a relevant short-term fix, but it cannot be considered a long-term security strategy, and we need to decrease the need for it in the future and treat the root cause. To achieve a more stable and secure technology environment in which businesses and individuals can feel truly safe, we have to peel back the layers, start at the bottom and work up. This is utterly symptomatic of the historic neglect we have seen for the development of a dependable and trustworthy baseline upon which to develop a software infrastructure for the UK. Ultimately, this is a lifecycle problem. It’s here because people are making mistakes whilst writing code and making further mistakes when patching the original problems.
TSI is the Trustworthy Software Initiative: http://www.uk-tsi.org/