The word "threat" is well understood. It means danger or anything that could be harmful. And although the meaning is the same for any software system, we can add one extra layer of description for threats to software, that will help greatly in our goal to properly address or protect against them.
In software, we can consider threats (or danger) to be anything that negatively affects the confidentiality, integrity, or availability of the software or the data it stores.
I introduced three terms there, let's define them.
Confidentiality: This means that information should not be seen by anyone, except those who have the necessary permissions.
Integrity: Information should not be modifiable, except by those who have the necessary permissions.
Availability: The system and its data should be appropriately accessible to those with the necessary permissions whenever they attempt to make use of it.
In summary, any action that could be taken on a software system, with the goal of making information viewable or modifiable by those who shouldn't be able to do so, or inaccessible to those who should be able to do so, can be classified as a threat to the system.
Mobile App Example
Let's say you design a mobile app that provides centralized management of social media platforms to your users. Any action that could allow an unauthorized user (say a hacker) to leverage your app to make a post to the social media account of another legitimate user of your app without their consent, is a potential threat to your software (and your user).
As you might notice, this would mean that the integrity of your app and your user's social media account has been compromised. It could also mean that the confidentiality of your user's authentication credential for your app, has been compromised. If either of those is due to a weakness in your software, it will likely result in lost revenue, customers, and reputation.
*Now, there is the important consideration of the difference between potential and relevant threats, and we'll address that in a future post.
Are you a software innovator? Your skills or organization are quite essential to life as we know it today. And for that reason...
Great Software must have Resilient Security.
Do you have questions about security for your software? Book a Free Consultation and we'll do our best to help!
Comments