Re: Re: Application Insecurity --- Who is at Fault?

[ljknews <ljknews () mac com>]

At 4:21 PM -0400 4/11/05, Dave Paris wrote:
> Joel Kamentz wrote:
> > Re: bridges and stuff.
> >
> > I'm tempted to argue (though not with certainty) that it seems that the bridge analogy is flawed
> > in another way --
> > that of the environment.  While many programming languages have similarities and many things apply
> > to all programming,
> > there are many things which do not translate (or at least not readily).  Isn't this like trying to
> > engineer a bridge
> > with a brand new substance, or when the gravitational constant changes?  And even the physical
> > disciplines collide
> > with the unexpected -- corrosion, resonance, metal fatigue, etc.  To their credit, they appear far
> > better at
> > dispersing and applying the knowledge from past failures than the software world.
>
> Corrosion, resonance, metal fatigue all have counterparts in the
> software world.  glibc flaws, kernel flaws, compiler flaws.  Each of
> these is an outside influence on the application - just as environmental
> stressors are on a physical structure.

Corrosion and metal fatigue actually get worse as time goes on.
Software flaws correspond more to resonance, where there is a
defect in design or implementation.
-- 
Larry Kilgallen