{"description": "The simplest way to avoid vulnerabilities in software is to avoid\ninstalling that software. On Ubuntu 22.04,the Package Manager (originally <a xmlns='http://www.w3.org/1999/xhtml' href='https://www.debian.org/doc/manuals/debian-faq/pkgtools.en.html'>apt</a> ),\nallows for careful management of\nthe set of software packages installed on a system. Installed software\ncontributes to system vulnerability in several ways. Packages that\ninclude setuid programs may provide local attackers a potential path to\nprivilege escalation. Packages that include network services may give\nthis opportunity to network-based attackers. Packages that include\nprograms which are predictably executed by local users (e.g. after\ngraphical login) may provide opportunities for trojan horses or other\nattack code to be run undetected. The number of software packages\ninstalled on a system can almost always be significantly pruned to include\nonly the software for which there is an environmental or operational need.", "warnings": [], "requires": [], "conflicts": [], "values": {}, "groups": {}, "rules": {}, "platform": "", "platforms": [], "inherited_platforms": [], "cpe_platform_names": [], "title": "Minimize Software to Minimize Vulnerability", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/intro/general-principles/principle-minimize-software/group.yml"}