See:
· Bug
A defect in a program at the architecture or design level. These defects may not be evident from examining the source code alone.
https://buildsecurityin.us-cert.gov/daisy/bsi/articles/best-practices/risk/248-BSI.html
Error of commission, omission, or oversight in an information system that may allow protection mechanisms to be bypassed. [CNSSI_4009:2010]
A software security defect at the architecture or design level. Flaws may not be apparent given only source code of a software system.
https://buildsecurityin.us-cert.gov/daisy/bsi/articles/best-practices/risk/248-BSI.html
Flaws are software problems that exist in the software design. A flaw may or may not represent a vulnerability in the underlying software. Mitigating a flaw typically involves significantly more effort than simply modifying a few lines of code. The problem does not lie solely in the implementation; the underlying design is flawed, and therefore, any implementation that follows the design would contain the flaw. For instance, performing sensitive business logic in an untrusted client application is a design flaw that cannot be mitigated by a simple measure such as modifying array bounds.
https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/attack/590-BSI.html
Related topics