Software vulnerabilities are susceptible weaknesses (i.e. “bugs”) in software, often from exploitable flaws written by the developer or inherent in the programming language. Not every software bug is a security vulnerability. The bug must be exploitable by an attacker to become a threat or risk. Most software bugs cause an operational issue (which may not even directly manifest themselves to the operator) or even cause a fatal interruption to processing but cannot be leveraged by an attacker to gain unauthorized system access.

Exploitable software vulnerabilities are responsible for a large (if not the largest) percentage of hacking in a given time period, even though other hacking methods (such as Trojan horse programs and social engineering) are often very competitive. Some computer security experts think most computer security issues would go away if all software was bug‐free, although this isn’t true or possible. Still, even if not a panacea, more secure code with fewer vulnerabilities would wipe a significant category of hacking issues out and make our computing environment appreciably safer.

Number of Software Vulnerabilities

There are many sources for tracking public software vulnerabilities, although the bugs listed for each may vary significantly. On average, each year, major software developers and bug finders publicly announce 5000–6000 new software vulnerabilities. That’s about 15 bugs per day, day after day. The Common Vulnerabilities ...