COMX501: Computer Security and Forensics - Introduction to Software Security

Questions and Answers

What is the primary objective of security in a system?

• To ensure 100% security
• To reduce risks to acceptable levels (correct)
• To eliminate all risks
• To control access to resources only

What is a key challenge in designing secure systems?

• It's difficult to ensure security against all attacks
• It's difficult to determine the impact of attacks
• It's difficult to identify the types of attacks
• It's difficult to tell when a system is secure (correct)

What is a key consideration in ensuring security against attacks?

• The impact of the attacks on the system (correct)
• The cost of the security system
• The identity of the attackers
• The type of attacks expected

What is a primary reason for implementing security measures?

To protect intellectual property (B)

What is a key benefit of identifying security threats?

It helps to prioritize security efforts (C)

What is the primary reason for a lack of secure software development, according to the industry?

No software liability and higher development costs (D)

What is the main cause of security vulnerabilities in software, according to John Viega and Gary McGraw?

Bad software design and implementation (A)

What is the main reason why developers are not confident in their ability to write secure applications?

Lack of knowledge about secure coding practices (A)

What is the main challenge in software security, according to the text?

Balancing security with functionality and usability (B)

What is the author's assertion about cryptography and special security features?

They are a secondary concern to good software design and implementation (D)