Secure Coding mailing list archives
Re: Re: Application Insecurity --- Who is at Fault?
From: Dave Paris <dparis () w3works com>
Date: Thu, 14 Apr 2005 22:25:54 +0100
Michael Silk wrote:

I don't think that analogy quite fits :) If the 'grunts' aren't doing their job, then yes - let's blame them. Or at least help them find ways to do it better.

If they're not doing their job, no need to blame them - they're critically injured, captured, or dead. ...or in the case of programmers - fired. If you insist on blaming them, you're redirecting blame and that's BS. As for "finding ways to do it better" .. they're well trained - if they're not well trained, they're (again) critically injured, captured, or dead. But as happened in the most recent "event in the big sandbox", they're not well supplied in all cases. Wow. Sound familiar? What? A programmer not given full specifications or the tools they need? Yeah. That never happens in the Corporate World. The analogy works.

Some comparisons:

You call in for close air support .. and friendlies drop munitions on your position (your manager just told the VP "yeah, we can ship two weeks early, no problems").

You call in for intel on your position and you're told the path to your next objective is clear - only to get ambushed as you're halfway there (the marketing guys sold the customer a bill of goods that can't possibly be delivered in the time allotted - and your manager agreed to it without asking the programmers).

You're recon and you light up a target with a laser designator and then call in the bombers - only to find they can't drop the laser-guided munitions because "friendlies" just blew up the nearby fuel depot and now they can't get a lock on the designator because of the smoke (sorry, you can't get the tools you need to do your job so make do with what you've got - never mind that the right tool is readily available - i.e. GPS-guided munitions in this example - it's just not supplied for this project).

.. ok, enough with the examples, I hope I've made my point.

Mr. Silk, it's become quite clear to me from your opinions that you appear to live/work in a very different environment (frankly, it sounds somewhat like Nirvana) than the bulk of the programmers I know.

Grunts and programmers take orders from their respective chain of command. Not doing so will get a grunt injured, captured, or killed and a programmer fired. Grunts and programmers each come with a skillset and a brain trained and/or geared to accomplishing the task at hand. Experience lets them accomplish their respective jobs more effectively and efficiently by building on that training - but neither can disregard the chain of command without repercussions (sanctions, court martial, injury, or death in the case of a grunt - and demotion or firing in the case of a programmer). If the grunt or programmer simply isn't good at their job, and the chain of command doesn't move them to a more appropriate position, they're either dead or fired.

Respectfully,
-dsp