Firewall Wizards mailing list archives
Re: tunnel vs open a hole
From: "Steven M. Bellovin" <smb () research att com>
Date: Fri, 11 Apr 2003 15:36:44 -0400
In message <3E961989.3010809 () wirex com>, Crispin Cowan writes:
Marcus J. Ranum wrote:This is an intellectually stimulating discussion for us, I'm sure, but basicallyit's going to go around in circles for ever. Because software and the pressureson the software industry are complex and interdependent. You literally cannot point at one spot and say "THERE'S THE PROBLEM!" - if it was that easy, don't you think it would have been fixed a long time ago?? In fact, in ordertohave significant improvement in software quality (and therefore security)I can point a finger :-) *The* problem is that "software engineering" is not actually an engineering discipline, it is a black art. Software development is not repeatable, not predictable, not manageable, and depends critically on key individuals. This is an art form.
Anyone who hasn't yet read "The Mythical Man Month", by Fred Brooks, *run do not walk* to your nearest bookstore and get a copy. Brooks wrote that book based on his experiences as the manager of, first, IBM's System/360 mainframes -- which was a management success, and whose architecture is still with us, for the most part -- and then of OS/360, which Brooks himself has described as a failure. He wrote the book partly to answer the question of "why" -- why did he (and everyone else) find software project management very much harder than any other sort. (In my graduate school career, I had Brooks as a professor for four different courses. He's been a tremendous influence on my career. And I still find myself turning to Mythical Man Month for citations to all sorts of things, such as the bug rate in patches vs. original code.) --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (2nd edition of "Firewalls" book) _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: tunnel vs open a hole, (continued)
- Re: tunnel vs open a hole Paul Robertson (Apr 10)
- Re: tunnel vs open a hole Paul Robertson (Apr 10)
- Re: tunnel vs open a hole George Capehart (Apr 14)
- RE: tunnel vs open a hole Carroll, Shawn (Apr 10)
- RE: tunnel vs open a hole Carroll, Shawn (Apr 10)
- Re: tunnel vs open a hole George Capehart (Apr 10)
- Re: tunnel vs open a hole Marcus J. Ranum (Apr 10)
- Re: tunnel vs open a hole Crispin Cowan (Apr 10)
- Re: tunnel vs open a hole Gary Flynn (Apr 11)
- Re: tunnel vs open a hole Marcus J. Ranum (Apr 11)
- Re: tunnel vs open a hole Steven M. Bellovin (Apr 11)
- Re: tunnel vs open a hole George Capehart (Apr 10)
- Re: tunnel vs open a hole Crispin Cowan (Apr 11)
- Re: tunnel vs open a hole Magosányi Árpád (Apr 15)
- RE: tunnel vs open a hole Marcus J. Ranum (Apr 15)
- Re: tunnel vs open a hole Joseph S D Yao (Apr 15)