It is a fallacy to assume that ‘new and improved software is any more secure than the ‘old, tried and true software. While upgrading the applications running on a system may introduce new features, it will also introduce new and undiscovered vulnerabilities. One – because it is inevitable that the programming process will introduce vulnerabilities, and Two – because, in a commercial environment, the main objective is to get the application out to the market as soon as possible, resulting in a foreshortened quality testing.

Another reason for almost guaranteed new vulnerabilities is that even the largest software house does not have sufficient enough staff to conduct thorough testing. At best, they may have a thousand testers while, out in the wild, there are millions of users. Millions of users can find application problems much faster than ANY Q/A staff.

Of course, bad actors will constantly be rooting through the application source, determined to find as many vulnerabilities as they can.

In none of the preceding articles in this series was performing a security audit mentioned as a method of mitigating security attacks. An application such as Lynis will examine a Linux system, be it a server or an individual host, and list possible points of attack.