Existing computer systems typically employ a variety of security-related functions for protection against potentially harmful user activity. For example, user authentication is often employed which requires a user to provide a password or other credentials which establishes the user's identity and protects against the possibility of an intruder or fraudster masquerading as an authorized user and engaging in harmful activity. Another type of function, referred to as access control, enforces limitations on the activities that authorized users can engage in. In one common example, access controls may be placed on certain storage devices or file system directories so that only certain users are permitted to access the data therein. Such access controls can serve to protect sensitive data from being accidentally deleted or used for an improper purpose by a user who has no legitimate need for access to the data. One dimension of access control may regard a type of user. Users can include typical or “non-privileged” users and “privileged” users who engage in more sensitive operations. Privileged users, who are normally selected in part based on perceived trustworthiness, are by definition granted greater access to system operational functions than is granted to non-privileged users.
Existing security functions may not always provide adequate protection against certain types of harmful activity. For example, the password of a user may be compromised enabling an intruder or fraudster to engage in harmful activities. In a further example, a privileged user can engage in harmful and unethical activities such as downloading sensitive information for their own benefit. It will be appreciated that such activities could cause tremendous problems and incur substantial cost to an organization.
It will also be known by those skilled in the art that so-called phishing attacks are also a substantial threat. A phishing attack usually involves an attacker or fraudster fooling the user to exchange secret data such as the log-on details. The attacker, a man-in-the-middle, uses the transmitted authentication data thereafter or simultaneously to affect a log-on procedure under the identity of the attacked authorized user and misuse the user's rights.
Organizations involved in software development may employ a software configuration management (SCM) system (which may be or include a source code control (SCC) system) for managing source code assets produced by software developers. SCM systems provide numerous benefits to these organizations, including serving as a central source code repository for storing source code assets, retaining historical information about how source code assets have evolved over time, providing access to historical versions of the source code assets, and providing a mechanism for developers to share source code with team members.
Various tools exist that extract or determine metrics associated with areas of a software system. The metrics may be indicative of complexity or other aspects of an area of the code. Developers can use the metrics to make decisions regarding which areas of the system should be revised or replaced, and priorities for such work.
There is a need for computer systems to have further security-related functions for protection against potentially harmful activity.