Security, Software and EthicsIntroductionEvery day we use computer software to perform daily tasks. These can range from sending emails, balancing your checkbook, browsing the web, shopping, and much more. Most people don't stop to think about the security of the software we use every day. Users are more concerned with getting their work done, and security is little more than an afterthought. Security is a very important and often overlooked aspect of software development. Security is used to authenticate users, manage access to resources, and ensure that data has not been compromised. Recent events such as the Sasser, SQL Server, Blaster, and Nimda worms have had devastating consequences around the world. They have cost businesses and ordinary people billions of dollars in wasted time, money and productivity. In some cases, data is corrupted, modified or deleted. Businesses are unable to function normally, which can lead to heavy financial losses. Some of these worms are still taking control of computers, long after patches became readily available to fix the problem. Security professionals ask computer users to patch their systems and keep them updated, but their words go unheard despite their warnings. Why does this scenario constantly repeat itself? Who is responsible for ensuring that the software we use is secure? I believe that software companies and software engineers are ethically responsible for ensuring that their software is secure. We are becoming more and more dependent on computer software, which makes us more vulnerable to virus attacks originating from a security bug in widely used software. They must be able to ensure that our software is more secure…middle of paper…3] Peter Mell and Miles C. Tracy, “Procedures for Handling Security Patches,” National Institute of Standards and Technology, August 2002 http://www.csrc.nist.gov/publications/nistpubs/800-40/sp800-40.pdf Suggested ResourcesSANS Institute - Cybersecurity website, with information on security training computinghttp://www.sans.orgSANS Institute Reading Room - Articles on a variety of security topics http://www.sans.org/rrSecurity Focus - Website with news and analysis of security issues http:/ /www.securityfocus.com The Register - IT news website http://www.theregister.co.ukSoftware Engineering Institute, Carnegie Mellon Universityhttp://www.sei.cmu.edu/National Institute for Science and Technologyhttp://www.nist.govThe CERT® Coordination Center - A reporting center for Internet securityhttp://www.cert.org