It has never been clearer than at present how essential software security is to the work of companies and to the economy as a whole. According to experts, in the current fragile world situation, hackers in the service of authoritarian regimes are increasingly joining the ranks of lone criminals and criminal organizations. However, software security does not only mean arming yourself against external dangers. Within the organization or company itself, secure software also ensures good usability and functionality and helps to protect sensitive data from unauthorized access. In the “Guide to the Security of Software-based Products”, the Bitkom trade association points out the opportunities, but also the dangers and threat scenarios. The association's experts stress that a high general understanding of software security is particularly important, on the side of the developers as well as on the side of the users.
How to recognize secure software?
This is the big question, and unfortunately it cannot be answered easily. There is no one hundred percent proof that a piece of software is really safe, because that depends not only on the characteristics of the software, but also on the scope of application and the users. However, brand software from established manufacturers is usually considered particularly safe and is often recommended by industry and association representatives. Where such software is not available (e.g. for individual applications where no “off-the-shelf” software is available), recognized certificates serve as indicators of high-quality products. An example of this is Adobe Premiere Elements for professional photo and video editing.
However, even these cannot completely rule out security gaps, since such vulnerabilities often only show up, or open up again, in the course of use. Purchasing software or software licenses through trusted vendors is another building block of software security and cybersecurity. An Adobe Photo subscription not only includes the comprehensive license for use, but of course also includes the manufacturer's updates.
Is there error-free software?
From technical products such as a washing machine or a car, one expects flawless operation. If this is not the case, the manufacturer may issue a recall and have the detected technical defects or security gaps corrected. True, software is not tangible like the technical devices mentioned. However, anyone who takes the perspective of a developer will recognize the highly complex structure of a program, which is in no way inferior to that of those devices. In all the cases mentioned, the design and development are carried out by people, who are not completely free of errors. These developers can draw on specialist knowledge and a wealth of experience and usually build on previously designed products. Nevertheless, some errors only become apparent after a period of use, or emerge as a security problem in later tests or analysis procedures. What could still be classified as safe during production or development may therefore prove to be a security gap at a later date, without the developer being to blame for this.
Of course, a recall of software that is used daily in a variety of different business or organizational processes is not possible in the same form as with physical products. However, since newly detected security gaps in software must be closed, manufacturers offer updates that are carried out regularly or as needed. This process usually takes place via the online connection of the workstation or the network, but in certain cases the maintenance is also carried out directly at the relevant workstation by the field service of the software manufacturer or its contractual partner. Often an update also serves to provide the software with new functions and thus make it not only safer, but also better.
How can users contribute to higher software security?
Most of the software used in everyday life is not a finished product, but is subject to an ongoing development process in which it is adapted again and again through updates. If an update is not installed, this can not only lead to functional errors in the use of the software, but also open a new gap in software security or cybersecurity. Installing updates is therefore an important contribution to security. At the same time, users should adapt the software and their workplace as a whole to their own way of working as much as possible. This also includes the use of security systems to prevent unauthorized access, both physical and virtual. Password protection is the minimum here; depending on the software or system used, there are other possibilities beyond that.
Who is liable if a software error leads to damage?
In principle, a manufacturer or developer can also be held liable for software in accordance with the principles of product and producer liability. However, liability is limited to damage to legal assets of particular value, such as health or property. In order to avoid a liability case, the manufacturer offers updates that are linked to a duty of cooperation on the part of the user: if a security gap arises because an update was available but not installed, recourse against the manufacturer is normally not possible. If an organization or a company does not work with branded software, but with open source, then as a rule no external body can be held liable for any damage caused. Incidentally, this applies even if the security gap should actually be fixed by installing an update.