Firewall Wizards mailing list archives

Re: FWTK and smap/smapd


From: "Anton J Aylward, CISSP" <aja () si on ca>
Date: 19 Jul 2002 11:04:17 -0400

On Fri, 2002-07-19 at 10:24, Marcus J. Ranum wrote:
> Joseph S D Yao wrote:
>> without
>> commentary providing what you might call the specifications or design,
>> or the social contract between the programmer and the user, there is
>> nothing against which you can hold a piece of code and say, "THIS IS
>> WRONG!"  Code is amoral; it has an inherently situational ethic; such
>> that even the grossest of buffer overflows can only lead us to conclude
>> that the code does it, therefore the code does it.  We must provide and
>> communicate the moral absolutes against which the code is measured
>> right or wrong.  And we can communicate this on dead trees, or in
>> living commentary.
>
> Hmmm... you've convinced me.  I hadn't looked at it from that
> angle before.
>
> [snip]
>
> But you're right - what we're really talking about is checks and
> balances. And if you just give code there's, well, just code...
> I retract my previous comments on this topic!!! :) Where's the "undo"
> button?!

Sorry for including so much.
Yes, and this is one of my objections to much of the Open Source
community, including such companies as XIMIAN and the OpenOffice.org
group although I shouldn't pick on them.  In many ways the "Open Source"
arguments against closed source are pure hypocrisy.  

Code is just code.  Big deal.  Having the source code only tells you
what the source code is.  As Joseph points out, it doesn't tell you why
it does what it does, if it should do what it does or anything.

This takes more than just comments, it takes more than just the
specification.  It requires knowing the design DECISIONS.  Why was it
done this way?  Why was this specified?

One of the prime tenets of security is to have policies, since without
policies there is no coherence, everything is just an arbitrary - even
if well minded (but also uninformed) - decision made at the time.  At
another time the same person or someone else might make a different
decision.  I won't belabor this point since every decent book on
security makes it clear.

So too with code.  But a specification is not like a security policy -
it doesn't explain the WHY only the WHAT.  The "social context" is
needed to give meaning to this "amoral code".

And just to do the CYA bit: "get it out the door quickly and make a
profit" does not constitute adequate meaning or adequate context.

/anton
--
Hardware has grown following Moore's Law, 
software seems to be stuck with Gresham's Law.
  -Jim Horning, Inside Risks 
         133 CACM 44, 7, July 2001
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

