Firewall Wizards mailing list archives
Re: tunnel vs open a hole
From: Crispin Cowan <crispin () wirex com>
Date: Thu, 10 Apr 2003 18:32:16 -0700
Marcus J. Ranum wrote:
> This is an intellectually stimulating discussion for us, I'm sure, but basically it's going to go around in circles for ever. Because software and the pressures on the software industry are complex and interdependent. You literally cannot point at one spot and say "THERE'S THE PROBLEM!" - if it was that easy, don't you think it would have been fixed a long time ago?? In fact, in order to have significant improvement in software quality (and therefore security)
I can point a finger :-)

*The* problem is that "software engineering" is not actually an engineering discipline, it is a black art. Software development is not repeatable, not predictable, not manageable, and depends critically on key individuals. This is an art form.

We can all *wish* for software to become an engineering discipline, but that doesn't make it so, no matter how much money you put behind it. The SE research community has been working on making it actually be an engineering discipline for 20 or 30 years or so, and they've made some marginal progress, but it is still fundamentally an art form.

All of the issues discussed here (flaky software, unreasonable management demands, unreasonable engineering development delay, etc.) all reduce to the one true problem that software development is not a predictable process, and thus must be finessed.

This is a subtly separate problem from the origin of this thread, "why is software so vulnerable?" There, I agree with MJR: code quality will not substantially improve until customers start demanding quality over features. Until then, managers will do what they are supposed to do: give the customers what they want.

Crispin

--
Crispin Cowan, Ph.D. http://wirex.com/~crispin/
Chief Scientist, WireX http://wirex.com
HP/Trend Micro Immunix Secured Solutions
http://h18000.www1.hp.com/products/servers/solutions/iis/
Just say ".Nyet"