Many of the vulnerabilities inherent in the enterprise originate in the less-than-secure coding of applications. Several of the primary reasons software is inherently insecure are:
Lack of validating and filtering data input
Failure to release memory securely
Residual maintenance hooks
Unintended (covert) communications channels
Further, software such as viruses, worms, Trojan horse applications, backdoors, rootkits, and exploit code is used to commit attacks on systems.
The buffer overflow attack and the SQL injection attack are two of the most prevalent attacks on software. These could both be reduced to a very low frequency, if not completely eliminated as vulnerabilities, ...
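As an added illustration (not code from the original text), the first item in the list above, validating and filtering data input, is shown here applied to the buffer overflow case: an unchecked copy beside a version that checks length and character set before copying. The function names, the 16-byte field size and the allow-list are assumptions chosen for the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define NAME_MAX_LEN 16  /* assumed field size for this example */

/* Unsafe form, shown for contrast and never called here: strcpy() copies
 * until the NUL terminator and ignores the destination size, so any input
 * longer than the buffer overwrites adjacent memory. */
void store_name_unsafe(char *dst, const char *input)
{
    strcpy(dst, input);
}

/* Hardened form: validate length and filter characters before copying.
 * Returns 0 on success, -1 if the input is rejected (dst is left empty). */
int store_name_checked(char *dst, size_t dst_size, const char *input)
{
    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (input == NULL)
        return -1;

    /* Bounded length scan: never read more than dst_size bytes of input. */
    size_t len = 0;
    while (len < dst_size && input[len] != '\0')
        len++;
    if (len == 0 || len == dst_size)   /* empty, or no room for the NUL */
        return -1;

    /* Allow-list filter: letters, digits, '_' and '-' only. */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)input[i];
        if (!isalnum(c) && c != '_' && c != '-')
            return -1;
    }

    memcpy(dst, input, len + 1);       /* len + 1 <= dst_size, includes NUL */
    return 0;
}
```

The checked version rejects oversized input instead of truncating it, so a caller never stores a value that differs from what was submitted.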