Definition: The phrase "Software Security" refers to the hardening of an operating system or application program. Each program or system has its own strengths and weaknesses. New releases of an operating system or application program, for example, are immediate targets for the hacker community. Vulnerabilities are routinely discovered and exploited. The publisher works rapidly to produce a patch or fix for the problem, which is then made available to the customer for download.
Again, a robust information assurance plan would have policies in place that govern the routine application of patches and the move to newer versions of software. Such a plan has other components as well, e.g. providing a test bed in which to try new software before putting it into production.
Its Relevance: Securing the operating system and applications must be a top priority for an information system. The cycle is unending. Malicious crackers are on a perpetual hunt to discover vulnerabilities and to turn them against an information infrastructure. The manner in which programs are hardened, that is, made more difficult to compromise, must be included in the organization’s information security policy.