Software Issues Risks Liabilities PDF
Document Details
Tags
Related
- 13R-Madurez de la ingeniería de procesos de software PDF
- Risk Management Initiatives 2023-24 PDF
- Risk Management Initiatives 2023-24 PDF
- Productivity Software License and Maintenance Terms PDF
- Tema 2: Inicio de un Proyecto de Desarrollo Software (Ingeniería del Software I) PDF
- Information System Analysis and Design COSC 327 PDF
Summary
This document reviews software issues, risks, liabilities, and causes of software failures. It discusses standards, reliability, security, and safety of software, along with consumer protection and the law related to software. The document also covers computer crimes and cybersecurity.
Full Transcript
SPIC FINALS REVIEWER Causes of Software Failures Software Issues Risks Liabilities Human factors Nature of software Software- computer programs made up of a logical s...
SPIC FINALS REVIEWER Causes of Software Failures Software Issues Risks Liabilities Human factors Nature of software Software- computer programs made up of a logical sequence of commands to Consumer Protection and the Law perform a task. Buyer’s rights: software producer/developer - creates computer programs to meet either Replacement general or specific needs of the Refunds consumer Updates buyer - gets the benefits of a computer program to solve a specific Understanding software complexity- software task/problem as: Whenever there is a software there are Product producers and consumers. Service Mix Costumer protection tools: Agreed to the ff: 1. contract (used with products): a formal 1. Standards – universally accepted level agreement between a buyer and a seller of confidence Express warranties - Written promise 2. Reliability – software reliability does from the not depend on age and wear and tear seller about the product’s quality or like hardware performance - Software reliability - is the implied warranties – are not written probability that the software down but are assumed by law does not encounter an input Third-party beneficiary – to someone sequence resulting into failure. who isn’t a party to the contract (not 3. security- software is secure if it does the buyer or the seller) but benefits not contain trapdoors through which an from it intruder can access the system. Breach of contract – lack of compliance 4. Safety – the safety of a software product means the absence of a 2. Tort (used with services): a wrongful act likelihood of an accident, a hazard, or a that causes harm or injury to someone. risk - A number of life critical systems Intentional depend on software, therefore, Unintentional software safety is important. Torts include: 2. Quality- a software product has quality if it maintains a high degree of Negligence – careless, lack of excellence in standards, security, safety, competence, etc.. and dependability. Malpractice – a specific type of computer security breaches negligence, usually related to within the last twelve months professional services. - Financial losses for the 273 Strict liability – a person or company is organizations that could held quantify them adds up to responsible for harm regardless of $265,586,240 whether they were careful or not Computer Usage by Children Misrepresentation – a service provider gives false or misleading information 5 to 17 year olds have extensive access that causes harm to computers Among households with computer Improving Software Quality access Final review – a thorough check of the - 60% of children ages 3-5 years software once it’s mostly complete but are actively accessing the before it’s officially released computer Inspection – a detailed examination of - 84% of ages 6-11 use the the software’s code or design by a team computer of experts - 89% of ages 12-17 Walk-throughs – a less formal process Proven Security Protocols where the developer explains the code or design to a group of colleagues Authentication Phased-inspection – a process where Access Control the software is inspected in stages or Ten Commandments of Computer Ethics phases throughout its development 1. Thou shalt not use a computer to harm other people. Producer Protection and the Law 2. Thou shalt not interfere with other people's Protection against: computer work. Piracy 3. Thou shalt not snoop around in other illegal copying/downloading of people's files. copyrighted software Fraudulent lawsuits by customers 4. Thou shalt not use a computer to steal. Seek protection from the courts 5. Thou shalt not use a computer to bear false witness. Online Cybercrimes 6. Thou shalt not use or copy software for which Statistics you have not paid. The 2000 Computer Security 7. Thou shalt not use other people's computer Institute/FBI Computer Crime and resources without authorization. Security Survey - Ninety percent of the study's 8. Thou shalt not appropriate other people's 585 respondents reported intellectual output. 9. Thou shalt think about the social Lack of enforcement of existing consequences of the program you write. reporting mechanisms Detection of insider attacks 10. Thou shalt use a computer in ways that Lack of security agencies or trained show consideration and respect. security agencies Computer Crimes Reason for Growth in Cyber Crimes Illegal act that involves a computer Rapid technology growth system or computer-related system Easy availability of hacker tools That connect one or more computers or Anonymity computer-related systems - Telephone, microwave, satellite Cut-and-past programming technology telecommunications system Communication speed High degree of internetworking Three Categories increasing dependency on computers Natural or inadvertent attack Social and Ethical Consequences Human blunders, errors and omissions Psychological effects – hate and bigotry Intentional threats Acceptance of the norm and resulting moral decay Two Aspects of Cyber Crime Loss of privacy Virus Trust Hacking Cyberspace and Cyberbullying Two Types of Attacks Cyberspace - is a global artificial reality 1. Penetration environment based on a global mesh of - Insider threats interconnected computer networks. - Hackers This mesh allows and makes it possible for - Criminal Groups anyone using a point-of-entry device like a - Hacktivism computer, smartphone, or any other Internet- 2. Denial of Service Attacks enabled electronic device to reach anyone else, - Inside with the potential to access the mesh, through a - Outside one-on-one, one-to-many, and many-to-one Motivation of Attacks communication capabilities or through broadcasting via the World Wide Web. Business and Industrial Espionage Joke/Hoax Political Activism Securing Cyberspace Reasons for No Information Keeping cyberspace users secure is a daunting job that requires advanced Lack of reporting requirements detection techniques and prevention Public sector – fear of market reaction methods. to news Both the detection and prevention Browsing rights techniques are changing very fast. Lack of control on cyberspace services Cyberspace Forensics Distributed liability investigative process - that studies the Cyberbullying computer network environments in cyberspace to provide information on all issues of a healthy Actions that use information and working network. It seeks to capture network communication technologies to support information on deliberate, repeated, and hostile behavior by an individual or group that Intrusion Detection in Cyberspace is intended to harm another or others. new technology because software used in all Use of communication technologies for cyber-attacks often leaves a characteristic the intention of harming another signature. This signature is used by the person. detection software, and the information gathered is used to determine the nature of the Cyberstalking attack - Stalking, a cousin of bullying, is Vulnerability Scanning in Cyberspace defined as an unwanted and/or obsessive attention given to an System and network scanning for the individual or group by a vulnerability is an automated process perpetuator or perpetuators. where a scanning program sends Cyberstalking, a cousin of network traffic to all computers or cyberbullying then, is digital selected computers in the network and stalking, usually using online expects receiving return traffic that will media. indicate whether those computers have known vulnerabilities. Cyber Harassment These vulnerabilities may include To harass is to annoy continuously and weaknesses in operating systems and persistently someone: to create an application software and protocols. unpleasant or hostile environment for an individual, especially by uninvited Cyberspace Systems Survivability and unwelcome verbal or physical - is the ability of a computing conduct and to make repeated attacks system, whether networked or against a victim. not, to provide essential services in the presence of attacks and failures and Types of Cyberbullying gracefully recover full services Harassment in a timely manner. Intellectual Property Rights in Cyberspace Flaming Exclusion Anonymity Outing Internet paradox Masquerading - Lack of credible science safeguards Bystanders - Fear of a superhuman Have increased use of tobacco, alcohol, - Abdication of individual or other drugs responsibilities Have increased mental health problems, AI and ethics: including depression and anxiety - AI agents and user Miss or skip school. responsibilities - User accountability New Frontiers for Ethical Considerations: Artificial Intelligence and Virtual Reality Virtual Reality Artificial Intelligence VR – is a stimulation of a real or imaginary phenomena in three- AI – is a field of learning that emulates dimensional environments human intelligence Is revolutionizing the study of science Advances in human intelligence: Ethics in Virtual Reality: - Machine intelligence has led to Robotics - Lack of being in control - Space exploration - Safety and security of users - Medicine - Human-agent interactions - Advanced research - Intentions of the actor - Accountability of the actor Intelligent Agents - Responsibility of the actor Personal assistants - Psychological effects on the actor and community Meeting scheduling Internet of Things (IoT): Growth, Challenges, Email handling and Security Filtering Initially proposed by Kevin Ashton in Entertainment 1998 Back then, the idea was often called “embedded internet” or “pervasive computing”. Gubbia et al. - A smart environment that is made up of an interconnection of sensing and actuating devices providing Weizerburm Theory the ability to share information across “it is immoral to use a computer system to platforms through a unified framework, replace human functions involving developing a common operating picture interpersonal respect, understanding and love” for enabling innovative applications Limitations of AI: Some well-known examples for Internet of Things applications today are: - Wearable devices/fitness its plethora of sometimes trackers (e.g., Jawbone constrained devices, with different data Up, Fitbit, Pebble) communication capabilities, create a - Home Automation (Examples: challenge in the manual maintenance Nest, 4Control, Lifx) of a large number of devices - Industrial asset monitoring (GE, becomes inefficient and demands the AGT Intl.) presence of intelligent and dynamic - Smart energy meters management schemes. Architecture and Networking of IoT Self-managing systems For the IoT ecosystem to function and Computational Constraints support intended applications and Low-level devices on the fringes can be accommodate the heterogeneity of of limited power sometimes of less than devices and applications in 10 kBs of RAM, which is sometimes the ecosystem, the IoT had to adopt the orders of magnitude lower than open standards of TCP/IP protocol suite. an ordinary desktop computer with GIGs of RAM. IoT Governance, Privacy, and Security Challenges As the IoT grows, it presents us with several challenges including global governance, individual privacy, ethics, and of course security. These are the most critical issues in the growth of IoT. Security Challenges Security is critical to IoT applications due to their close interaction with the physical world. - Insufficient authentication/authorization - Lack of transport encryption - Insecure web/mobile interface Autonomy High heterogeneity and complexity and lack of dynamic and scalable management schemes in the IoT due to