Implementation refers to the way in which software and hardware are configured to perform, and is frequently mentioned as being one of the weak points of computer security. When the time comes to implementing the design of a system of any kind, both software and hardware, it is often the case that errors are made. Software, for example, frequently contains vulnerabilities as a result of programming errors. However, there are many reasons why implementation errors may occur.
Implementation flaws are what allow some of the most advanced and effective security measures available, such as encryption, to be bypassed. This is because although encryption is a very effective way to keep data confidential, it is not very effective if the encryption software’s implementation does not ensure that the plaintext of the encrypted data is deleted from memory after the encryption process is complete.
Due to the nature of technology and computing, it is difficult to eliminate implementation errors. Rapidly changing programming languages, hardware, and working environments make preventing issues almost impossible, not to mention the economic considerations of doing so.
- Threat modelling is an important part of creating effective systems and software, and can be used to identify some of the weaknesses during their implementation.
Last updated: 30 October 2017