Re: tunnel vs open a hole

[Gary Flynn <flynngn () jmu edu>]

Crispin Cowan wrote:

> I can point a finger :-) *The* problem is that "software engineering" is 
> not actually an engineering discipline, it is a black art. Software 
> development is not repeatable, not predictable, not manageable, and 
> depends critically on key individuals. This is an art form.
>
> We can all *wish* for software to become an engineering discipline, but 
> that doesn't make it so, no matter how much money you put behind it. The 
> SE research community has been working on making it actually be an 
> engineering discipline for 20 or 30 years or so, and they've made some 
> marginal progress, but it is still fundamentally an art form.

I was going to say something similar last night but I
wanted to think about other complex, non-deterministic,
creative processes that, unlike software engineering,
ARE generally successful at creating reproducible
quality.

Thinking about it, many of them that are important to
infrastructure and safety, such as engineering
and architecture, require certification, licensing,
third party inspections, and governement regulations.

Another difference may be the amount of varied
interaction with the end user of the product. While
a spacecraft may have to survive in an environment
of almost infinite temperature and force changes with
random particle hits thrown in, most of those can be
mathmatically modeled and, given sufficient money
and motivation, designed around an acceptable risk
level. Contrast that with the different ways humans
may intentionally and unintentionally use a piece of
software in and out of its intended design parameters
and couple that with being attached to a world-wide
network. This creates a big gray area for compromise
between robustness for user intentions and robustness
for self-protection. The software engineer is tasked
with modeling the world of humans. This may be
especially true of security software.

I also think that software engineering is significantly
different than other engineering fields because it is
basically creating something out of nothing. There are
very few natural or physical laws that set baseline
contraints unlike civil, electrical, mechanical, etc.
engineering fields. Given enough time, one could
theoretically write code and design computer interfaces
to do just about anything. Doing it well and ensuring
an accurate model is another story entirely. :) Software
writers basically create their own worlds. They are
able to directly manipulate the genetic code of the
algorithm and the atoms of the machine. They are less
limited by physical laws and perhaps are closer to
creative writers than mechanical engineers. Sometimes
I think that is the attraction of computers.

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards