Firewall Wizards mailing list archives
Re: FWTK and smap/smapd
From: "Anton J Aylward, CISSP" <aja () si on ca>
Date: 19 Jul 2002 11:04:17 -0400
On Fri, 2002-07-19 at 10:24, Marcus J. Ranum wrote:
Joseph S D Yao wrote:without commentary providing what you might call the specifications or design, or the social contract between the programmer and the user, there is nothing against which you can hold a piece of code and say, "THIS IS WRONG!" Code is amoral; it has an inherently situational ethic; such that even the grossest of buffer overflows can only lead us to conclude that the code does it, therefore the code does it. We must provide and communicate the moral absolutes against which the code is measured right or wrong. And we can communicate this on dead trees, or in living commentary.Hmmm... you've convinced me. I hadn't looked at it from that angle before. [snip]
But you're right - what we're really talking about is checks and balances. And if you just give code there's, well, just code... I retract my previous comments on this topic!!! :) Where's the "undo" button?!
Sorry for including so much. Yes, and this is one of my objections to much of the Open Source community, including such companies as XIMIAN and the OpenOffice.org group although I shouldn't pick on them. In many ways the "Open Source" arguments against closed source are pure hypocrisy. Code is just code. Big deal. Having the source code only tells you what the source code is. As Joseph points out, it doesn't tell you why it does what it does, if it should do what it does or anything. This takes more than just comments, it takes more than just the specification. It requires knowing the design DECISIONS. Why was it does this way? Why was this specified? One of the prime tenets of security is to have policies, since without policies there is no coherence, everything is just an arbitrary - even if well minded (but also uninformed) - decision made at the time. At another time the same person or someone else might make a different decisions. I won't belabor this point since every decent book on security makes it clear. So too with code. But a specification is not like a security policy - it doesn't explain the WHY only the WHAT. The "social context" is needed to give meaning to this "amoral code". And just to do the CYA bit: "get it out the door quickly and make a profit" does not constitute adequate meaning or be adequate context. /anton -- Hardware has grown following Moore's Law, software seems to be stuck with Gresham's Law. -Jim Horning, Inside Risks 133 CACM 44, 7, July 2001 _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: FWTK and smap/smapd, (continued)
- Re: FWTK and smap/smapd Jerry Wintrode (Jul 16)
- Re: FWTK and smap/smapd Kevin Steves (Jul 16)
- Re: FWTK and smap/smapd Bennett Todd (Jul 16)
- Re: FWTK and smap/smapd Russell Van Tassell (Jul 16)
- Re: FWTK and smap/smapd Joseph S D Yao (Jul 17)
- Re: FWTK and smap/smapd Frederick M Avolio (Jul 17)
- Re: FWTK and smap/smapd Joseph S D Yao (Jul 17)
- Re: FWTK and smap/smapd Marcus J. Ranum (Jul 19)
- Re: FWTK and smap/smapd Joseph S D Yao (Jul 19)
- Re: FWTK and smap/smapd Marcus J. Ranum (Jul 19)
- Re: FWTK and smap/smapd Anton J Aylward, CISSP (Jul 19)
- Re: FWTK and smap/smapd Paul D. Robertson (Jul 19)
- Re: FWTK and smap/smapd R. DuFresne (Jul 19)
- Re: FWTK and smap/smapd Joseph S D Yao (Jul 19)
- Message not available
- Code reviews [Was: FWTK and smap/smapd] Marcus J. Ranum (Jul 19)
- Re: Code reviews [Was: FWTK and smap/smapd] Jim Duncan (Jul 19)
- Re: Code reviews [Was: FWTK and smap/smapd] Carson Gaspar (Jul 22)
- Re: Code reviews [Was: FWTK and smap/smapd] ark (Jul 23)
- Re: Code reviews [Was: FWTK and smap/smapd] Carson Gaspar (Jul 23)
- Re: Code reviews [Was: FWTK and smap/smapd] Joseph S D Yao (Jul 23)
- Re: Code reviews [Was: FWTK and smap/smapd] Carson Gaspar (Jul 23)
- Re: FWTK and smap/smapd Russell Van Tassell (Jul 16)