Security Vulnerabilities Leave End-Users Exposed, But Perhaps There’s Another Way…
I recently read an article on software vulnerabilities and the belief these issues will always be present. This theory makes sense, as society’s dependence on technology and software continues to increase, the likelihood of security gaps existing increases as well. Although, as long as these security gaps are addressed timely, there should be no need for major concern.
However, reports suggest 25% of known vulnerabilities do not have a fix. Considering these are known vulnerabilities — meaning hackers are aware of them as well, this statistic is highly worrisome. Also, since there is not a fix, the likelihood of the security gap being exploited for malicious activity is quite high.
A new study conducted by New York University believes there is an alternative way of addressing security gaps. By addressing them, I mean “diverting hackers to other things”. Basically, these researchers are suggesting developers fill software with vulnerability look-alikes. Meaning, when the hacker scans the program for vulnerabilities, they will see a plethora of them. Theoretically, the hackers would then try to exploit these “vulnerabilities”, wasting their most important resource, time. At this time, researchers have confirmed, there is not a way to identify the fake security gaps and the real ones. Although, once the hackers realize they have been dupped, I’m sure it won’t take long before they find a way to differentiate the two.
Now this “fix”, seems more like a band-aid than anything, but I want your opinion. Do you think it’s a good idea? Drop your comments below.