Firewall Wizards mailing list archives
Re: tunnel vs open a hole
From: Gary Flynn <flynngn () jmu edu>
Date: Fri, 11 Apr 2003 10:52:01 -0400
Crispin Cowan wrote:
I can point a finger :-) *The* problem is that "software engineering" is not actually an engineering discipline, it is a black art. Software development is not repeatable, not predictable, not manageable, and depends critically on key individuals. This is an art form.We can all *wish* for software to become an engineering discipline, but that doesn't make it so, no matter how much money you put behind it. The SE research community has been working on making it actually be an engineering discipline for 20 or 30 years or so, and they've made some marginal progress, but it is still fundamentally an art form.
I was going to say something similar last night but I wanted to think about other complex, non-deterministic, creative processes that, unlike software engineering, ARE generally successful at creating reproducible quality. Thinking about it, many of them that are important to infrastructure and safety, such as engineering and architecture, require certification, licensing, third party inspections, and governement regulations. Another difference may be the amount of varied interaction with the end user of the product. While a spacecraft may have to survive in an environment of almost infinite temperature and force changes with random particle hits thrown in, most of those can be mathmatically modeled and, given sufficient money and motivation, designed around an acceptable risk level. Contrast that with the different ways humans may intentionally and unintentionally use a piece of software in and out of its intended design parameters and couple that with being attached to a world-wide network. This creates a big gray area for compromise between robustness for user intentions and robustness for self-protection. The software engineer is tasked with modeling the world of humans. This may be especially true of security software. I also think that software engineering is significantly different than other engineering fields because it is basically creating something out of nothing. There are very few natural or physical laws that set baseline contraints unlike civil, electrical, mechanical, etc. engineering fields. Given enough time, one could theoretically write code and design computer interfaces to do just about anything. Doing it well and ensuring an accurate model is another story entirely. :) Software writers basically create their own worlds. They are able to directly manipulate the genetic code of the algorithm and the atoms of the machine. They are less limited by physical laws and perhaps are closer to creative writers than mechanical engineers. Sometimes I think that is the attraction of computers. -- Gary Flynn Security Engineer - Technical Services James Madison University _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: tunnel vs open a hole, (continued)
- Re: tunnel vs open a hole Magosányi Árpád (Apr 11)
- Re: tunnel vs open a hole Gary Flynn (Apr 10)
- Re: tunnel vs open a hole Paul Robertson (Apr 10)
- Re: tunnel vs open a hole Paul Robertson (Apr 10)
- Re: tunnel vs open a hole George Capehart (Apr 14)
- Re: tunnel vs open a hole George Capehart (Apr 10)
- Re: tunnel vs open a hole Marcus J. Ranum (Apr 10)
- Re: tunnel vs open a hole Crispin Cowan (Apr 10)
- Re: tunnel vs open a hole Gary Flynn (Apr 11)
- Re: tunnel vs open a hole Marcus J. Ranum (Apr 11)
- Re: tunnel vs open a hole Steven M. Bellovin (Apr 11)
- Re: tunnel vs open a hole Magosányi Árpád (Apr 15)
- RE: tunnel vs open a hole Marcus J. Ranum (Apr 15)