Are we under attack?

By Suttinan Pengsart : ASD Unit Head
SETEC Card (Thailand) Ltd.

In a world where information and digital services can be anywhere, software is the most important component of the environment, and it needs protection in every dimension. If we cannot trust the software we are using, what should we do? Most software on the market that provides security features, such as a secure kernel, a firewall or intrusion detection, works really well in theory, but in practice it requires more security features to be implemented whenever more parties are involved.

In the software context there are, at a minimum, two parties involved: owners and users. If you are lucky you may be both owner and user, but that is very rare in the real world. In many cases more parties are involved, such as developers, sellers and maintenance personnel.

It would be easier if we could classify or identify the persons involved. Unfortunately, there are cases where we cannot do so. Someone may obtain your software legally or illegally; that does not matter. But if he or she finds flaws or is able to compromise a security feature in the software, then it is very good to know right away.

How can software itself classify its user and, the other way round, how can the user determine the software to be used? There should be a mechanism that helps us create security features in the software, which will ultimately give us trust in the software.

The role of software security is not only protection against unauthorized usage but also safeguarding the software itself from being tampered with. Why tampering? Because computer hardware is now widely available in an open fashion, which makes it very easy for someone to change any software content.

Computer hardware systems are becoming more and more complicated and powerful, helping us reach solutions faster and more productively. On the other hand, this gives hackers a higher capability to attack and more success in breaking into weak systems. Once we can produce software that is robust enough, that we can trust, and that is in some way identifiable or classifiable, we can reduce the vulnerability to attack to a certain extent.

We still need software security even if we do not know: “Are we under attack?”