Firewall Wizards mailing list archives

RE: OT - Rant on State of S/w Engr (was Re: Buffer Overruns)


From: "Doty, Ted (ISSAtlanta)" <TDoty () iss net>
Date: Thu, 23 Dec 1999 09:35:27 -0500

Lim Wei Siong Vincent <wslim () crtc corp mot com> wrote:

> Well... I don't expect software with defects and I intend that laws
> should be in place to protect me as a consumer.  My belief is that once
> such laws are in place, the software industry will have a shakedown.

There are many parallels between our industry and the early part of the
Industrial Revolution.  In the 17th and 18th centuries, bridges and houses
*did* fall down, steam engines exploded, and machines killed or maimed
people regularly.  As people got used to the new-fangled contraptions,
engineers learned how to build things that (mostly) don't fall down or
explode or kill people.

But this took a long, long time.  Steam boilers exploded regularly through
the last century.  The Tacoma Narrows bridge was the 1930s - virtually
yesterday, when you think how long people have been building bridges.

We won't have any laws (that add value to the process, at least) until there
are "reasonable" expectations that the layman has about how Things Should
Work with software.  The historical record suggests that this takes decades
to develop (see David Landes' book about the Industrial Revolution,
_The_Unbound_Prometheus_).

Until then, the courts (here in the US, at least) are coming down on the
side of caveat emptor: it's your responsibility to configure your system
correctly.  See AT&T v. City of New York for an example.

Bottom line, the technology is changing so rapidly that your only protection
is to have someone with a clue, but things are changing so rapidly you can't
get someone with a clue.  :-(

- Ted

-----------------------------------------------------------------------
Ted Doty, Internet Security Systems          | Phone: +1 678 443-6000
6600 Peachtree Dunwoody Road, 300 Embassy Row  | Fax:   +1 678 443-6479
Atlanta, GA 30328  USA                       | Web: http://www.iss.net
-----------------------------------------------------------------------
PGP key fingerprint: 362A EAC7 9E08 1689  FD0F E625 D525 E1BE


