When software developers make a mistake in their products, it's called a bug When these bugs can be used by hackers to gain access to a resource or information that they should not have access to, it's called a vulnerability. There are thousands of these vulnerabilities in modern computer systems. Many of them can be used by hackers to take over your computer without you knowing it. Once they've gained access to your computer, they may be able to find your credit card number or your Social Security number. They can send email as you or attack other systems from your computer.

In 1999, the Common Vulnerabilities and Exposures initiative began compiling and cataloging security vulnerabilities reported by security researchers and software vendors.

CVE entries by year:

• 1999: 1566 vulnerabilities catalogued.
• 2000: 1226 vulnerabilities catalogued.
• 2001: 1559 vulnerabilities catalogued.
• 2002: 2111 vulnerabilities catalogued.
• 2003: 1229 vulnerabilities catalogued.
• 2004: 2483 vulnerabilties catalogued.

New vulnerabilities are discovered everyday.

In response to bugs and vulnerabilities, software vendors release patches. Cryptographer and security consultant Bruce Schneier once said that "Security is a process, not a product." An essential element of that process is keeping systems patched and in a timely manner.

Many software vendors have automated the patching process to some extent.

Microsoft recently changed their Windows Update service to include updates for Microsoft applications in addition to their operating systems. The process of keeping a Windows system up to date can be fully automated.

If you're a Mac user, you can find information on keeping your Apple fresh at http://docs.info.apple.com/article.html?artnum=106704.

If you're running SuSE Linux Enterprise Server (SLES9), you can configure Yast to automatically pull updates and you can even use the local campus YOU server, http://seagull.cc.ku.edu/YOU.

Debian folks can run apt.

Whatever OS or software you're using, it's essential that you keep it patched. We've tried to cover the majors here, but if you're running something else, be sure to check with the vendor about how to keep it secure and up to date. When the worms come crawling, you'll be glad you did.