Re: [fw-wiz] tunnel vs open a hole

From: Steven M. Bellovin (smb@research.att.com)
Date: 04/11/03

    From: "Steven M. Bellovin" <smb@research.att.com>
    To: Crispin Cowan <crispin@wirex.com>
    Date: Fri, 11 Apr 2003 15:36:44 -0400
    

    In message <3E961989.3010809@wirex.com>, Crispin Cowan writes:
    >Marcus J. Ranum wrote:
    >
    >>This is an intellectually stimulating discussion for us, I'm sure, but basically
    >>it's going to go around in circles for ever. Because software and the pressures
    >>on the software industry are complex and interdependent. You literally cannot
    >>point at one spot and say "THERE'S THE PROBLEM!" - if it was that easy,
    >>don't you think it would have been fixed a long time ago?? In fact, in order to
    >>have significant improvement in software quality (and therefore security)
    >>
    >I can point a finger :-) *The* problem is that "software engineering" is
    >not actually an engineering discipline, it is a black art. Software
    >development is not repeatable, not predictable, not manageable, and
    >depends critically on key individuals. This is an art form.
    >

    Anyone who hasn't yet read "The Mythical Man Month", by Fred Brooks,
    *run do not walk* to your nearest bookstore and get a copy.

    Brooks wrote that book based on his experiences as the manager of,
    first, IBM's System/360 mainframes -- which was a management success,
    and whose architecture is still with us, for the most part -- and then
    of OS/360, which Brooks himself has described as a failure. He wrote
    the book partly to answer the question of "why" -- why did he (and
    everyone else) find software project management very much harder than
    any other sort. (In my graduate school career, I had Brooks as a
    professor for four different courses. He's been a tremendous influence
    on my career. And I still find myself turning to Mythical Man Month
    for citations to all sorts of things, such as the bug rate in patches
    vs. original code.)

                    --Steve Bellovin, http://www.research.att.com/~smb (me)
                    http://www.wilyhacker.com (2nd edition of "Firewalls" book)

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

