Issue link: https://resources.mouser.com/i/1315957
49 | the combination of its software-heavy architecture and new operating model might expose a richer set of threat surfaces in 5G networks than mere physical access would. Software Intrusions The ascendancy of the 5G software-driven service-based architecture enables a radically new model that empowers multiple contributors, shrinking the influence and oversight that the single-provider model offers in today's mobile services. New opportunities will emerge for additional players to package 5G software components into service offerings at a sensible cost but that also optimize reach, latency, bandwidth, and any other parameters of interest to consumers. At the same time, qualified third-party developers will be able to take advantage of application programming interfaces (APIs) associated with each component and be able to offer unique NFV services, specialized SDN configurations, and even enterprise-scale "apps." As with any complex software integration, the combination of many software components with different APIs, protocols, and stakeholders can leave security holes in the final offering. Although each software component might intend to offer the tightest possible security, security weaknesses can be built-in inadvertently through the component's own code or through the software libraries used for its development. The result of these types of internal weaknesses has given rise to the disturbingly commonplace discovery of "zero-day defects" in widely distributed, supposedly stable code, and such defects in evolving-code sets remain a concern. In a system of cooperating software components as complex as a 5G network, the likelihood of security defects grows dramatically. Each boundary crossing between components, subsystems, or systems represents a potential threat surface arising from weaknesses in the API or related transaction protocols. Although tools have evolved for API development and protocol analysis, 5G networks face a potential flood of third-party software offerings, each with potential security holes waiting for discovery by determined cybercriminals. Although a few of those security holes might be planned avenues for future exploits, some security vulnerabilities can arise simply as developers rush to stake their claim as first to the market with new capabilities. Unfortunately, the industry is replete with examples like these. Poorly secured connected products have been rushed into the market—only to be hijacked as part of botnets for massive