The following applies to all software: the more complex it is, the more frequently errors
occur. Even with intensive testing, in most cases not all errors are detected before the
software is delivered to customers. If software errors are not detected in time, the crashes
or errors resulting from the use of the software can have serious consequences. Examples
include incorrect calculation results, poor management decisions and delays in business
processes.
Software vulnerabilities or errors may result in serious security gaps in an application, an IT
system or all connected IT systems. These security gaps may be exploited by attackers to inject
malware, to read data without authorisation or to carry out manipulations.
Examples:
• Most of the warnings from Computer Emergency Response Teams (CERTs) in the last
few years have been related to security-relevant programming errors. These are errors
that arise during software development and that make it possible for the software to be
misused by attackers. A large proportion of these errors were caused by buffer overflows.
• Today, Internet browsers are an important software component on clients. Browsers
are often used not only to access the Internet but also for internal web applications in
companies and public authorities. Software vulnerabilities or errors in browsers can
therefore impair the information security of the entire organisation particularly
severely.