Secure Coding mailing list archives

Re: Re: Application Insecurity --- Who is at Fault?


From: "Carl G. Alphonce" <alphonce () cse Buffalo EDU>
Date: Tue, 12 Apr 2005 04:13:36 +0100

On Monday April 11, 2005, Damir Rajnovic wrote:
> On Mon, Apr 11, 2005 at 12:21:30PM +1000, Michael Silk wrote:
>> Back to the bridge or house example, would you allow the builder to
>> leave off 'security' of the structure? Allow them to introduce some
>> design flaws to get it done earlier? Hopefully not ... so why is it
>> allowed for programming? Why can people cut out 'security'? It's not
>> extra! It's fundamental to 'programming' (imho anyway).
>
> Even builders and architects do experiment and introduce new things.
> Not all of these are outright successes. We have a wobbly bridge in the UK and
> there is (was) a new terminal at Charles de Gaulle airport in Paris.
>
> Every profession makes mistakes. Some are more obvious and some not. I am
> almost certain that architects can tell you many more stories where
> things were not done as securely as they should have been.
>
> Comparisons can be misleading.

Indeed.  I am fairly certain that there are numerous examples of
buildings which were properly designed yet were built differently.  I
can't believe that builders never use different materials than are
called for in the plans, and that they never make on-site adjustments
to the plans to accommodate last-minute customer requests ("we really
want a double sink in the master bath"), etc.

------------------------------------------------------------------------
           ()  ascii ribbon campaign - against html e-mail
           /\
------------------------------------------------------------------------
Carl Alphonce                            [EMAIL PROTECTED]
Dept of Computer Science and Engineering (716) 645-3180 x115 (tel)
University at Buffalo                    (716) 645-3464      (fax)
Buffalo, NY 14260-2000                   www.cse.buffalo.edu/~alphonce
