Firewall Wizards mailing list archives
Re: tunnel vs open a hole
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Wed, 09 Apr 2003 20:44:45 -0400
George Capehart wrote:
<rant> It's my conviction that all of this is a management problem. If the business owner of the product/project or whatever really gave a rat's a**, error checking *would* exist in code.
It's an across the board problem. I think there's enough blame to go around, honestly. :) The bubble of the late 1990's taught a generation of programmers, their managers, executives, and venture capitalists that "crap today is better than good tomorrow." The landscape was littered with companies that didn't make it because they got out the door 2 weeks behind the guys who just shovelled it over the fence.

So we can blame:
- The customers, who chose to compensate mediocrity with IPO millions
- The managers, who encouraged programmers to try to meet insane schedules
- The execs, who set the insane schedules
- The programmers, who wrote a lot of really insecure junk

In my previous posting on this topic, this was what I was referring to about the "get it to market yesterday" mindset and how the lunatics wound up taking over the asylum. Hey, if customers are going to make you a bazillionaire for writing crud, why not give them what they want, right?

So, across the board - the entire board - we have *UTTERLY* failed as an industry to take seriously a few serious things. The last time I was managing a bunch of software engineers, I bought 2 licensed copies of CodeCenter (a terrific tool literally worth its weight in gold) and 2 copies of Purify. Nobody ever used them except me and, I think, one other guy a couple times. I guess, as "management" I failed because I simply expected that engineers would be professional enough to care? No, that doesn't wash - the bottom line was that some of the engineers I've worked with (so called "software engineers") didn't even know how to use a debugger because they thought that using printf()s was "faster" and they were on a tight schedule and didn't have time to learn gdb... I'm sorry, but that, to me, is not professionalism.

Managers have to demand it, and have to support their engineers in taking the extra time to use the tools and follow the procedures to write rock-solid code. And they have to be able to help control executives' expectations as to schedules.

Everyone, across the board, has to do their job right. So do the customers.

mjr.
---
Marcus J. Ranum http://www.ranum.com
Computer and Communications Security mjr () ranum com