A lot of good software has failed solely because of the environment in which the software product is used. The environmental effects on software perfor- mance may cause many unexpected failures, including human errors where the users may not be well trained or may be under stress caused by some external factors. Some software products are affected by extreme temperature and humidity. This happens because both the temperature and humidity affect the media housing the software.
Risk is a hazard level together with the likelihood of an accident occurring and the severity of the potential consequences (Lawson, 1995). Risk also can be
defined in simpler terms as the chance, the potential, or possibility of suffering harm or loss—danger, in short. Neumann (1995) defines risk as a potential
problem, with causes and effects. Risk can be both voluntary with activities that we knowingly decide to undertake and involuntary with activities that happen to us without our prior consent or knowledge as a result of nature’s actions,
is on the big picture for the dangers of software, in particular, and computer
systems, in general, we will leave the details of the definitions at that.
We have defined risk as a potential problem with causes and effects. Among
the causes of risk in software are a result of poor software design, mismatch of hardware-software interfaces, and poor support and maintenance. Others are (Linger, Mills, & Witts, 1979):
• Personnel shortfalls
• Unrealistic schedules and budgets
• Developing the wrong functions and properties • Developing the wrong user interface
• Continuous stream of requirements changes • Shortfalls in externally furnished components • Shortfalls in externally performed tasks • Real-time performance shortfalls • Straining computer-science capabilities
Since computers are increasingly becoming a part of our lives, there are nu- merous ways computers and computer software, in particular, affect our lives. In many of these encounters, there is risk involved. For example, computers are used in medical care and delivery, in power generation and distribution, in emergency services, and in many other facets of life. So wherever we are, be it at work, on the way to or from work, or in our own homes, there is direct or indirect use of computer software; there is always a risk of an accident to occur. For example, when using any software-based system, there is always a risk that something may occur. There is no way for a system manager to predict, for example, how and when a system failure or attack by hackers or viruses will occur. As our world become increasingly engulfed with computer and telecommunication networks, network-related threats by hackers, viruses, system overloads, and insider misuse are increasing to such a level that the risk involved is shaping many of our behaviors, the input of our work, and output of our daily efforts. These are adverse effects on society, so much so that appropriate and effective measures need to be taken to deal with the risk. Let us look at some here.
Software.Assessment.
Software assessment is a process that analyzes software product applica- tions to determine their compliance with relevant accessibility standards and identifying t the software’s security vulnerabilities. The process enables the system administrator to accurately determine the current accessibility and security status of the software product, information needed to effectively allocate time and budget for implementing corrections. There are several assessment techniques including question and answer, qualitative, or meth- odology and calculation. A simple equation for calculating risk is: Risk.=. Assets.×.Threats.×.Vulnerabilities.
Planning
Planning involves outlining the policies for security management.
Implementation
A good implementation may seek to match the security needs of the system with all available security tools.
Monitoring
Risk management is an ongoing process that needs constant monitoring. This helps to determine the necessary changes to the system and new security ap- plications needed. The monitoring tools must be chosen based on the nature and applications of the system being protected. For example, if the system
being protected is a network, the tools may include a firewall and intrusion
detection and network forensics software.
Conclusion
Software is central to the security and safety of computer systems that make up the information communication technology (ICT) infrastructure. The role of software
in the security of the ICT infrastructure cannot be over emphasized. In this chapter, we have looked at this role and discussed the many ways software safety can be compromised. We have also given suggestions on ways to improve software safety and reliability, which can result in securing the ICT infrastructure.
References
Davis, A. (1985). Employee computer crime on the rise. Creative.Computing, 6. Gray, J. (1986). Why do computers stop and what can be done about it? In
Proceedings. of. 5th. Symposium. on. Reliability. in. Distributed. Software. and.Database.Systems, (pp. 3-12).
Hamlet, R. (1988). Special section on software testing. Communications.of. the.ACM,.31(6), 662-667.
Howard, M., LeBlanc, D., & Viega, J. (2005). The.19.deadly.sins.of.software. security. New York: McGraw-Hill.
Jarzombek, J., & Goertzel, K. M. (2006). Security in the software life cycle.
CrossTalk,.The.Journal.of.Defense.Software.Engineering.
Kizza, J. M. (2002). Social.and.ethical.issues.in.the.information.age (2nd ed.). New York: Springer.
Leveson, N. (1995). Safeware:.System.safety.and.computers. Reading, MA: Addison-Wesley.
Linger, C. R., Mills, H. D., & Witts, B. (1979). Structured.programming:. Theory.and.practice. Reading, MA: Addison-Wesley.
Littlewood, B., & Strigini, L. (1979). Validation of ultrahigh dependability for software-based systems. Communications.of.the.ACM,.36(11), 69-80. Neumann, P. (1993). The role of software engineering. Communications.of.
the.ACM,.36(5), 114.
Neumann, P. (1995). Computer.related.risks. New York: ACM Press. Parnas, D., van Schouwen, J., & Kwan, S. (1990). Evolution of safety-critical