Secure Coding mailing list archives
Re: Interesting article ZDNet re informal software development quality
From: Crispin Cowan <crispin () immunix com>
Date: Fri, 09 Jan 2004 14:48:01 +0000
Carl G. Alphonce wrote:

I think there are issues which software developers must be aware of and techniques they must be proficient with in order to develop secure software. Whether a "stamp of approval" should come from a certification course or successful completion of an accredited degree program is a good question. Members of some professions ("self-regulating professions" I think they're called) must be members of colleges in order to practice. These colleges have the authority to take action against members who do not practice in accordance with accepted procedures, or who have had complaints lodged against them.

Yes, this is exactly what I was referring to. Such professional societies only come into existence when the canon of best practices is well-established. When the best way to get the job done is a matter of controversial opinion, then the professional society cannot meaningfully regulate conduct. Here the professional society would actually be *worse* than the status quo, because they would end up mandating fairly arbitrary practices, and damning people who follow a different doctrine. This can lead to political nepotism (think "Spanish Inquisition") and can also inhibit progress towards better methods that contradict doctrine (Linus is not using the approved doctrine, so he must be a heretic like Galileo).

Of course, there is also the risk that something along these lines becomes a costly and toothless bureaucracy.

Considering the raging success of the Orange Book and the Common Criteria, I don't see how this could possibly happen :)

Crispin

--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
CTO, Immunix http://immunix.com
Immunix 7.3 http://www.immunix.com/shop/