The Heartbleed bug that recently wrapped the internet in a whirl of massive security vulnerabilities hints that it’s time for us to rethink digital security. Below are a few possibilities as to where digital security is headed in the future, and where it should be headed.
The OpenSSL problem:
So why exactly was there a glaring and obvious vulnerability in the OpenSSL library that made two-thirds of the internet vulnerable to hackers? The answer, many analysts have speculated, is that the open-source foundations behind the creation of some of the best web tools, such as OpenSSL itself, are under-funded. Not only that, they have very few personnel compared to regular tech companies. This leaves them overworked and underpaid, and often leaves issues in open-source software unaddressed.
However, we can’t deny the fact that some of the best innovations on the web have happened at the hands of open-source developers. This fact is being increasingly recognized by tech companies such as Microsoft and Google, which are starting to open up to the open-source community.
But a lot more needs to be done. Perhaps we should push for a future where every tech company contributes a handsome sum to open-source development. Things are moving towards that, but the tech industry at large needs to come on board with this. And that can happen only when the tech companies fully recognize the potential of the open-source world.
Intelligent application-code analysis:
Typically, a popular way of ensuring digital security is to take a more generic view of the applications and the technologies being used and then determine the vulnerabilities in them. However, Checkmarx is popularizing a new way of analyzing the vulnerabilities in a given piece of software.
The firm focuses on providing tools for dynamic code testing and analysis. This method involves looking at the code from the get-go and identifying not only the obvious vulnerabilities but also the weak spots which can evolve into exploits by the time the software reaches completion.
The best part about Checkmarx’s tools is that they also direct the developer straight to the very part of the code which may contain a security vulnerability. These tools can even detail the attack vectors that could be used to exploit a given weakness.
Although many other giants such as HP and IBM are also competing in the code-analysis market, Checkmarx differentiates itself by offering the ability to create intelligent databases of vulnerabilities while scanning an application’s code. Currently, the tools offered by the firm cover a wide range of languages such as Objective-C, C++, C#, ASP, VB.NET, VBScript, Java, JavaScript, PHP, VB6, Ruby, Perl and Apex.
One of the key advantages of such timely analysis and discovery of a code’s vulnerabilities is that it significantly trims down later testing costs. It has almost become an industry-wide trend to roll out a service or an online platform, allow security experts to play with it and find exploits, and then patch those exploits. This incurs fairly significant costs after the software has been fully developed. Checkmarx helps avoid these costs and ensures better security of the applications.
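To make concrete what a source-level scanner of the kind described above actually does, here is a small added example written for this article; it is not Checkmarx’s tool or any part of its product. It parses Python source with the standard `ast` module, looks for two classic weak spots (a database query or a shell command built by string concatenation from program data), and reports each one with its line and column and the attack vector it represents, which is the “point the developer at the exact line” behaviour the section describes. The sample source, the rule names and the `Finding` record are all constructed for the example.

```python
"""Minimal source-level weak-spot scanner (illustrative example, not Checkmarx's tool)."""
import ast
from dataclasses import dataclass
from typing import List

# Constructed sample input: a small module with two weak spots and one safe query.
# Line numbers matter: the scanner should flag lines 6 and 10 and leave line 14 alone.
SAMPLE_SOURCE = '''\
import os
import sqlite3

def lookup_user(conn, username):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE name = '" + username + "'")
    return cur.fetchone()

def run_report(report_name):
    os.system("gen_report " + report_name)

def safe_lookup(conn, username):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE name = ?", (username,))
    return cur.fetchone()
'''


@dataclass
class Finding:
    line: int
    col: int
    rule: str      # hypothetical rule identifier, constructed for this example
    vector: str    # how the weak spot could be reached by an attacker


def _is_built_string(node: ast.AST) -> bool:
    """True if the expression assembles a string at runtime (concatenation,
    f-string or str.format), i.e. program data may flow into it."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return True
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return True
    return False


def _call_name(node: ast.Call) -> str:
    """Render the called name as 'base.attr' or 'name' for simple matching."""
    func = node.func
    if isinstance(func, ast.Attribute):
        base = func.value.id if isinstance(func.value, ast.Name) else "?"
        return f"{base}.{func.attr}"
    if isinstance(func, ast.Name):
        return func.id
    return "?"


class WeakSpotVisitor(ast.NodeVisitor):
    """Walks every call expression and records the ones matching a rule."""

    def __init__(self) -> None:
        self.findings: List[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        name = _call_name(node)
        first_arg = node.args[0] if node.args else None
        if name.endswith(".execute") and first_arg is not None and _is_built_string(first_arg):
            self.findings.append(Finding(node.lineno, node.col_offset, "sql-query-built-from-data",
                                         "SQL injection through data concatenated into the query"))
        elif name in ("os.system", "os.popen") and first_arg is not None and _is_built_string(first_arg):
            self.findings.append(Finding(node.lineno, node.col_offset, "shell-command-built-from-data",
                                         "command injection through data concatenated into a shell command"))
        self.generic_visit(node)  # keep descending into nested calls


def scan_source(source: str, filename: str = "<memory>") -> List[Finding]:
    """Parse one module and return its findings ordered by position."""
    tree = ast.parse(source, filename=filename)
    visitor = WeakSpotVisitor()
    visitor.visit(tree)
    return sorted(visitor.findings, key=lambda f: (f.line, f.col))


if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE, "sample.py"):
        print(f"sample.py:{f.line}:{f.col}: {f.rule}: {f.vector}")
```

Run on the constructed sample, the scanner reports the concatenated SQL query on line 6 and the concatenated shell command on line 10, and stays silent on the parameterised query on line 14. A real product adds data-flow tracking (is the concatenated value actually attacker-controlled?) and many more rules, but the shape is the same: parse, match, and hand the developer an exact location and an explanation of the vector.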
Changing digital security tools:
The internet started off as a way of decentralizing things. It has empowered freedom of speech and expression, helped countless activists and whistleblowers, and allowed people to reach out to the entire world with just a few clicks. However, over the years, the technologies have evolved such that the decentralizing spirit of the internet has eroded. One recent example of this is the reliance of a huge portion of the web on the OpenSSL library.
Granted, OpenSSL is essentially a tool built by the open-source community, but such widespread reliance on a single tool makes things worse. The inevitable consequence is that even a single vulnerability puts the web’s security at risk. This can be avoided by building a whole set of different tools for digital security. These tools ought to ideally come from open-source foundations, but they should be diverse, and web-based services and companies should draw on a diverse mix of them.
A decentralization of digital security technologies is absolutely essential for a future where the internet is a secure tool for massive commercial and personal use. Without this, we will keep running into issues such as the Heartbleed bug, and that will only create more trust issues for users.