Secure Coding mailing list archives

Re: Interesting article ZDNet re informal software development quality


From: Crispin Cowan <crispin () immunix com>
Date: Fri, 09 Jan 2004 14:48:01 +0000


Carl G. Alphonce wrote:
> I think there are issues which software developers must be aware of
> and techniques they must be proficient with in order to develop secure
> software.  Whether a "stamp of approval" should come from a
> certification course or successful completion of an accredited degree
> program is a good question.  Members of some professions
> ("self-regulating professions" I think they're called) must be members
> of colleges in order to practice.  These colleges have the authority
> to take action against members who do not practice in accordance with
> accepted procedures, or who have had complaints lodged against them.

Yes, this is exactly what I was referring to. Such professional 
societies only come into existence when the canon of best practices is 
well-established. When the best way to get the job done is a matter of 
controversial opinion, then the professional society cannot meaningfully 
regulate conduct. Here the professional society would actually be 
*worse* than the status quo, because they would end up mandating fairly 
arbitrary practices, and damning people who follow a different doctrine. 
This can lead to political nepotism (think "Spanish Inquisition") and 
can also inhibit progress towards better methods that contradict 
doctrine (Linus is not using the approved doctrine, so he must be a 
heretic like Galileo).

> Of course, there is also the risk that something along these lines
> becomes a costly and toothless bureaucracy.

Considering the raging success of the Orange Book and the Common 
Criteria, I don't see how this could possibly happen :)


Crispin

--
Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix          http://immunix.com
Immunix 7.3           http://www.immunix.com/shop/