The backstory behind Adobe's latest patch shows hazards that all software and app developers face. According to a ThreatPost article, Adobe was about to release updates to its Reader and Acrobat programs when it discovered serious security flaws.
A regression test revealed that the update would have exposed Adobe's users to all kinds of cyber attacks, including…
- Remote code execution.
- Cross-site scripting (XSS).
When developers release software, it's a moment of mixed emotion. On the one hand, you're excited to see your program adopted by users. On the other, you know that things just got real. Any mistakes, software flaws, and zero-day attacks could expose your users to hacks and lead to a data breach lawsuit against you.
How do software developers manage their cyber risk? While software testing can help you find and eliminate flaws, you can't completely avoid the risk of a data breach. That's why so many clients require you to have software developer insurance.
App Developer Liability: How to Survive a Worst-Case Scenario
Say you update a mobile app. You check to make sure it's exactly what the client wants. You run it through software testing. Everything checks out…but there's a problem.
An unforeseen security vulnerability causes a data breach. The client's user data is exposed, and they file a lawsuit against your business, alleging the breach has…
- Shattered their reputation.
- Damaged their customer retention.
- Cost thousands in current and future revenue.
Given enough time, every app will have security weaknesses. That's the nature of development. Your best-case scenario is that you find the vulnerability and fix it before hackers notice. Even the best developers at Apple, Microsoft, and Adobe are always updating their programs to patch these flaws. What else can you do?
Errors and Omissions Insurance covers an app developer's worst nightmare. If a new version of an app rolls out with flaws that compromise users' security, E&O pays for the developer's legal expenses if they're sued. E&O also pays for judgments and settlements – i.e., the costly damages you have to pay your clients.
Why Now Is the Right Time to Address Your Cyber Liability
As data breaches become more common, lawyers have jumped on the opportunity to make money from data breach lawsuits. In our article, "Home Depot Data Breach Lawsuit Raises Questions," we reported how data breach lawsuits are being filed as fast as 24 hours after a breach is announced.
That's especially troublesome for developers because your work has three unavoidable risks:
- Platforms can have security flaws. Java has had serious issues in the past with its encryption protocol. Developers who used Java's random number generator were exposed to data breach risk because encryption keys generated from its output weren't completely random. Hackers could crack the code, and the developer could be sued for exposing user data. This particular exploit has hit big companies like Sony and small developers that make Bitcoin wallet apps.
- Hackers are motivated to improve and refine their attacks. Cyber criminals adjust their strategies to counteract the efforts of IT security professionals. The constantly shifting IT world means there are always new devices and platforms that hackers can target.
- There are weaknesses that you don't know about. Zero-day vulnerabilities exist in your code. That's just a reality. As we saw this year, even a common security protocol implementation like OpenSSL can have major flaws, which means that if cyber criminals find them before you do, your app could be hacked.
Developers mistakenly assume their code is bulletproof. In reality, code can be flawed. New attacks can emerge to exploit security holes you didn't even know existed. To protect your business from constantly changing threats, make sure you have software developer E&O Insurance.