Secure Coding mailing list archives
Re: Application Insecurity --- Who is at Fault?
From: Crispin Cowan <crispin () immunix com>
Date: Fri, 08 Apr 2005 20:45:54 +0100

Julie JCH Ryan, D.Sc. wrote:

> Other students chimed in on the argument positing that the programming challenge was an inaccurate measure of student programming capability because the contestant was not allowed to do research on the internet during the challenge. Another said the problem was that the challenge was too long and required contestants to have memorized too much.

Formal contests are always inaccurate abstractions of the real world. As you raise the value of the contest, this inevitably pressures contestants to "game the system" and target the artificial artifacts of the game rules instead of the real world. Whether this has happened to the ACM Programming contest is a subjective opinion. IMHO, a closed-book contest is no longer very relevant to the real world, where Google is always just seconds away.

> This is particularly interesting to me because I just had a doctoral student come to me with an idea for dissertation research that included an hypothesis that organizations at SEI 1 were better able to estimate software development time and costs than organizations at SEI 5. He didn't seem to grasp the implications to quality, security, life cycle maintenance, etc.

Or it could be that the student is positing that the methods mandated in the SEI are a grand waste of time, which would be an interesting hypothesis to test. Certainly the successes of open source development models make a mockery of some of the previously thought hard rules of Brooks' "Mythical Man Month", and I dare say that traditional software engineering methods deserve questioning.

Crispin

--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
CTO, Immunix http://immunix.com