The aider and abettor, a hidden crew of hidden engineers
(UNI-SCHNICHENSALL, Austria) – While computer scientists are busy writing algorithms, the engineers involved are refreshing and refreshing the programs for the software. They are writing the code, the implementation, the updates and the code for the security aspects of the program. On top of that, they are also protecting the program for the user. These are very diverse responsibilities and fascinating subjects. Yet another group of people still working in the background, who are not on the top ranks, is the “aider and abettor” group.
It is quite amazing how a great deal of the code in programs is put in and so much left to “the guts” of the system. The program needs to have a secure function. That’s what the “aider and abettor” group does. It’s like an engineer’s family, and it’s a necessity.
There are programs with very specific reasons to be secure, such as confidentiality, which is hard to define a definition, and some very special features, such as cryptography or high-level algorithm use, which generally have their own password. That would be risky; in some cases even dangerous, if the password were to be made public. The aider and abettor group builds those if necessary.
Those are not the most important reasons. There are more principles to the code that are important, for example, breakability. It is tough to get to the goal of protecting the user from spying, either physical or electronic. This may be connected to the same notion as privacy or confidentiality. This is a main challenge to get to secure packages, be it by communication packets, databases or processes. The reason is again connected to privacy, because these companies make or buy the software with the intention of having it in use for a very long time. The NSA example is the most obvious one.
There are many sensitive data-stuff in the entire database system that cannot be discussed. So that’s why the program has some certain algorithms to do something important, like look for or detect suspicious behaviour. These algorithms also perform some functions that perform some unsolicited inquiries on the software, such as searching for the need for a very specific security feature, or searching for any known means of attack. So it may be possible to detect new methods of attack, an illegal configuration, or something to be avoided in order to ensure the user’s security, for example a botnet, for example. All of these complex things are done by the “aider and abettor” team, or “white-hat” code engineers, who write the code of that particular program and then put in the expertise required to deliver it.
White-hat engineers are also concerned with confidentiality, and they try to keep a window of confidentiality with the code-base. For example, the program does not share its private information with a partner or trusted customer. There are many aspects to the code which are used for the confidentiality of the program. The aider and abettor program thinks about those dependencies and tries to prevent the program from falling into the hands of its anonymous attacker. It is a real job. It has to be done. Security is part of the code, if you have any money to spend, and there are many such companies in the world.
[originally published August 23, 2014]