funsec mailing list archives
Re: Certs [was Re: Presidential Internet Kill Switch]
From: Jon Kibler <Jon.Kibler () aset com>
Date: Mon, 28 Sep 2009 13:14:07 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 der Mouse wrote:
I think in the long run, we're going to end up looking more at certification in the sense that CivEs or EE's look at it - something like professional engineering certification.I doubt this will happen until and unless the field matures enough that it's fair to treat it as an engineering discipline rather than a creative art. That, i'm not sure will ever happen. (I'm also far from sure it won't, too, though.)
The problem is not that we lack the knowledge of how to engineer software, rather, the problem is that we choose not to properly engineer software. Why? Here are some of the reasons that immediately come to mind: -- There is too much pressure to "get to market" rather than to do a proper engineering job of requirements definition, functional specification, architecture specification, detailed design, source code reviews, and extensive testing. (I worked on properly engineered DoD systems in the 1970s which were in the 10s of MLOC size, and delivered to the customer with less than a dozen known bugs.) -- Too many software engineers do not want their "creativity stifled" by design specifications, coding standards, peer reviews, etc. (I remember teaching requirements engineering to a bunch of systems engineers and software architects back in the mid 90s. One of the senior architects asked "Why do we need all of this paperwork bull s***, we have a good idea what the customer wants, why can't we just start writing code instead of doing paperwork?) -- Software quality and security currently do not carry any legal liability, so management is concerned with neither. If you engineer a bridge and it falls down, you have liability. If the bridge falls down because of faulty design software, the software maker has no liability. Until this picture changes, and software caries product liability requirements, we will never make software a successful engineering discipline. My $0.02 worth. Jon Kibler - -- Jon R. Kibler Chief Technical Officer Advanced Systems Engineering Technology, Inc. Charleston, SC USA o: 843-849-8214 c: 843-813-2924 s: 843-564-4224 http://www.linkedin.com/in/jonrkibler My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrA7t8ACgkQUVxQRc85QlMicgCeNrG/fK16BaMTXoSpwWS7FKv3 MewAnRM7h5bIanQFGsFd0xZwSzW6LfUi =W490 -----END PGP SIGNATURE----- ================================================== Filtered by: TRUSTEM.COM's Email Filtering Service http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Presidential Internet Kill Switch, (continued)
- Re: Presidential Internet Kill Switch chris (Sep 23)
- Re: Presidential Internet Kill Switch Nick FitzGerald (Sep 24)
- Re: Presidential Internet Kill Switch Dan Kaminsky (Sep 22)
- Re: Presidential Internet Kill Switch Paul Ferguson (Sep 22)
- Re: Presidential Internet Kill Switch Dan Kaminsky (Sep 22)
- Re: Presidential Internet Kill Switch chris (Sep 23)
- Re: Presidential Internet Kill Switch Dan Kaminsky (Sep 23)
- Re: Presidential Internet Kill Switch phester (Sep 23)
- Re: Presidential Internet Kill Switch Michael Collins (Sep 23)
- Certs [was Re: Presidential Internet Kill Switch] der Mouse (Sep 27)
- Re: Certs [was Re: Presidential Internet Kill Switch] Jon Kibler (Sep 28)
- Re: Presidential Internet Kill Switch Jon Kibler (Sep 23)
- Re: Presidential Internet Kill Switch Valdis . Kletnieks (Sep 23)
- Re: Presidential Internet Kill Switch chris (Sep 23)
- Re: Presidential Internet Kill Switch Jon Kibler (Sep 23)
- Re: Presidential Internet Kill Switch Buhrmaster, Gary (Sep 23)
- Re: Presidential Internet Kill Switch Larry Seltzer (Sep 23)
- Re: Presidential Internet Kill Switch Valdis . Kletnieks (Sep 23)
- Re: Presidential Internet Kill Switch Rob, grandpa of Ryan, Trevor, Devon & Hannah (Sep 23)