Lesson 1: Assets

Concerns with Software Assets:Trust Issues

As previously mentioned, a general definition of trust is, "firm reliance on the integrity, ability, or character of a person or thing." Trust is a major principle underlying information security; at some point, an organization has to decide how much it trusts the people and resources involved with managing its software assets.

Trust issues with software assets are fairly complex. Consider the current state of the software industry: For many software companies, the primary objective is a speedy time-to-market. Because of this, many software manufacturers release software before many of the "holes," or vulnerabilities, have been fixed—or worse yet, they release the software without any regard to security whatsoever.

Because of this, it is virtually impossible to install and use software "out of the box"; in other words, the preset, default configurations of many software products cannot be trusted. Likewise, just as with hardware assets, you must also examine and evaluate the ultimate source of the software that you are using. Why are you using a particular piece of software instead of certain other pieces?