Re: [fw-wiz] tunnel vs open a hole

From: Crispin Cowan (crispin@wirex.com)
Date: 04/11/03

    From: Crispin Cowan <crispin@wirex.com>
    To: "Marcus J. Ranum" <mjr@ranum.com>
    Date: Thu, 10 Apr 2003 18:32:16 -0700
    

    Marcus J. Ranum wrote:

    >This is an intellectually stimulating discussion for us, I'm sure, but basically
    >it's going to go around in circles for ever. Because software and the pressures
    >on the software industry are complex and interdependent. You literally cannot
    >point at one spot and say "THERE'S THE PROBLEM!" - if it was that easy,
    >don't you think it would have been fixed a long time ago?? In fact, in order to
    >have significant improvement in software quality (and therefore security)
    >
    I can point a finger :-) *The* problem is that "software engineering" is
    not actually an engineering discipline, it is a black art. Software
    development is not repeatable, not predictable, not manageable, and
    depends critically on key individuals. This is an art form.

    We can all *wish* for software to become an engineering discipline, but
    that doesn't make it so, no matter how much money you put behind it. The
    SE research community has been working on making it actually be an
    engineering discipline for 20 or 30 years or so, and they've made some
    marginal progress, but it is still fundamentally an art form.

    All of the issues discussed here (flaky software, unreasonable
    management demands, unreasonable engineering development delay, etc.)
    all reduce to the one true problem that software development is not a
    predictable process, and thus must be finessed.

    This is a subtly separate problem from the origin of this thread, "why
    is software so vulnerable?" There, I agree with MJR: code quality will
    not substantially improve until customers start demanding quality over
    features. Until then, managers will do what they are supposed to do:
    give the customers what they want.

    Crispin

    -- 
    Crispin Cowan, Ph.D.                      http://wirex.com/~crispin/
    Chief Scientist, WireX                    http://wirex.com
    HP/Trend Micro Immunix Secured Solutions
    http://h18000.www1.hp.com/products/servers/solutions/iis/
    			    Just say ".Nyet"