The continuous stream of software bugs that can be exploited to gain unauthorized access or elevated privileges on a computer system poses a serious threat to organizations across the world. Unlike the bugs of the insect family, software security bugs remain dangerous for as long as they are unpatched, and the patch itself must be applied with care.
Some software flaws are caught through code review, testing and vigilance; others simply lie dormant until the right conditions arise.
Once discovered, a software flaw usually enters one of two lifecycles, namely ‘The Patch Cycle’ or ‘The Exploit Cycle’.
The Patch Cycle
The Exploit Cycle
A security bug lifecycle traces the status of a bug from the time it is first discovered until the developers eliminate it. During this time the testing team has to verify the fix and make sure the bug cannot be reproduced again, in practice by adding a regression test that is re-run on every later build.
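As an added example (not code from the original article), the lifecycle above can be modelled as a small state machine. The state names, the transition table and the regression-test hook are assumptions chosen here to illustrate the point: a bug cannot be marked verified without a regression test that passes against the patched build, and a later failure of that test reopens the bug rather than letting it creep back in unnoticed.

```python
"""Toy model of a security bug lifecycle (added example, not from the article).

State names, the allowed transitions and the regression-test hook are
assumptions made for illustration, not a standard the article defines.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set

# Lifecycle states (assumed names).
NEW = "new"                  # reported / discovered
CONFIRMED = "confirmed"      # triage reproduced it
FIXED = "fixed"              # developers landed a patch
VERIFIED = "verified"        # testing confirmed the fix; regression test passes
CLOSED = "closed"
REOPENED = "reopened"        # bug reappeared or its regression test failed later

# Allowed transitions; anything else is an illegal status change.
TRANSITIONS: Dict[str, Set[str]] = {
    NEW: {CONFIRMED},
    CONFIRMED: {FIXED},
    FIXED: {VERIFIED, REOPENED},
    VERIFIED: {CLOSED, REOPENED},
    CLOSED: {REOPENED},
    REOPENED: {FIXED},
}


@dataclass
class SecurityBug:
    bug_id: str
    state: str = NEW
    history: List[str] = field(default_factory=lambda: [NEW])
    # Supplied by the testing team: returns True when the original
    # reproduction steps no longer trigger the bug on the current build.
    regression_test: Optional[Callable[[], bool]] = None

    def transition(self, new_state: str) -> None:
        if new_state not in TRANSITIONS[self.state]:
            raise ValueError(f"{self.bug_id}: illegal transition {self.state} -> {new_state}")
        # 'Verified' is not a status anyone can simply set: it requires a
        # registered regression test that passes against the patched build.
        if new_state == VERIFIED:
            if self.regression_test is None:
                raise ValueError(f"{self.bug_id}: cannot verify without a regression test")
            if not self.regression_test():
                raise ValueError(f"{self.bug_id}: regression test still reproduces the bug")
        self.state = new_state
        self.history.append(new_state)

    def recheck(self) -> str:
        """Re-run the regression test on a verified/closed bug; reopen on failure."""
        if self.state in (VERIFIED, CLOSED) and self.regression_test is not None:
            if not self.regression_test():
                self.transition(REOPENED)
        return self.state


def demo() -> List[str]:
    """Walk one constructed bug through the cycle and return its state history."""
    build = {"patch_applied": True}
    # Constructed regression test: the bug 'reproduces' whenever the patch is missing.
    bug = SecurityBug("SEC-1", regression_test=lambda: build["patch_applied"])
    bug.transition(CONFIRMED)
    bug.transition(FIXED)
    bug.transition(VERIFIED)
    bug.transition(CLOSED)
    build["patch_applied"] = False   # the fix is reverted in a later build
    bug.recheck()                    # regression test fails -> bug is reopened
    return bug.history


if __name__ == "__main__":
    print(" -> ".join(demo()))
```

The transition table is what keeps the two halves of the lifecycle honest: developers can move a bug to `fixed`, but only a passing regression test can move it to `verified`, and `recheck()` is what a CI job would call on every later build so that a silently reverted patch sends the bug back to `reopened` instead of leaving it `closed`.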