Security bug

Last updated August 05, 2025

A security bug or security defect is a software bug that can be exploited to gain unauthorized access or privileges on a computer system. Security bugs introduce security vulnerabilities by compromising one or more of:

Causes

Security bugs, like all other software bugs, stem from root causes that can generally be traced to either absent or inadequate:^[2]

Taxonomy

Security bugs generally fall into a fairly small number of broad categories that include:^[3]

Memory safety (e.g. buffer overflow and dangling pointer bugs)
Race condition
Secure input and output handling
Faulty use of an API
Improper use case handling
Improper exception handling
Resource leaks, often but not always due to improper exception handling
Preprocessing input strings before they are checked for being acceptable

Mitigation

See software security assurance.

References

1 2 "CWE/SANS TOP 25 Most Dangerous Software Errors". SANS. Retrieved 13 July 2012.
↑ "Software Quality and Software Security". 2008-11-02. Retrieved 2017-04-28.
↑ Alhazmi, Omar H.; Woo, Sung-Whan; Malaiya, Yashwant K. (Jan 2006). "Security vulnerability categories in major software systems". Proceedings of the Third IASTED International Conference on Communication, Network, and Information Security.

v t e Information security
Threats	Adware Advanced persistent threat Arbitrary code execution Backdoors Bombs Fork Logic Time Zip Hardware backdoors Code injection Crimeware Cross-site scripting Cross-site leaks DOM clobbering History sniffing Cryptojacking Botnets Data breach Drive-by download Browser Helper Objects Viruses Data scraping Denial-of-service attack Eavesdropping Email fraud Email spoofing Exploits Fraudulent dialers Hacktivism Infostealer Insecure direct object reference Keystroke loggers Malware Payload Phishing Voice Polymorphic engine Privilege escalation Ransomware Rootkits Scareware Shellcode Spamming Social engineering Spyware Software bugs Trojan horses Hardware Trojans Remote access trojans Vulnerability Web shells Wiper Worms SQL injection Rogue security software Zombie	vectorial version
Defenses	Application security Secure coding Secure by default Secure by design Misuse case Computer access control Authentication Multi-factor authentication Authorization Computer security software Antivirus software Security-focused operating system Data-centric security Software obfuscation Data masking Encryption Firewall Intrusion detection system Host-based intrusion detection system (HIDS) Anomaly detection Information security management Information risk management Security information and event management (SIEM) Runtime application self-protection Site isolation
Related security topics	Computer security Automotive security Cybercrime Cybersex trafficking Computer fraud Cybergeddon Cyberterrorism Cyberwarfare Electronic warfare Information warfare Internet security Mobile security Network security Copy protection Digital rights management

Security bug

Contents

Causes

Taxonomy

Mitigation

See also

References

Further reading