Re: [fw-wiz] tunnel vs open a hole
From: Steven M. Bellovin (smb@research.att.com)
Date: 04/11/03
- Previous message: Volker Tanger: "Re: [fw-wiz] Symantec Enterprise firewalls"
- In reply to: Crispin Cowan: "Re: [fw-wiz] tunnel vs open a hole"
- Next in thread: Crispin Cowan: "Re: [fw-wiz] tunnel vs open a hole"
From: "Steven M. Bellovin" <smb@research.att.com>
To: Crispin Cowan <crispin@wirex.com>
Date: Fri, 11 Apr 2003 15:36:44 -0400
In message <3E961989.3010809@wirex.com>, Crispin Cowan writes:
>Marcus J. Ranum wrote:
>
>>This is an intellectually stimulating discussion for us, I'm sure, but basically
>>it's going to go around in circles for ever. Because software and the pressures
>>on the software industry are complex and interdependent. You literally cannot
>>point at one spot and say "THERE'S THE PROBLEM!" - if it was that easy,
>>don't you think it would have been fixed a long time ago?? In fact, in order to
>>have significant improvement in software quality (and therefore security)
>>
>I can point a finger :-) *The* problem is that "software engineering" is
>not actually an engineering discipline, it is a black art. Software
>development is not repeatable, not predictable, not manageable, and
>depends critically on key individuals. This is an art form.
>
Anyone who hasn't yet read "The Mythical Man Month", by Fred Brooks,
*run do not walk* to your nearest bookstore and get a copy.
Brooks wrote that book based on his experiences as the manager of,
first, IBM's System/360 mainframes -- which was a management success,
and whose architecture is still with us, for the most part -- and then
of OS/360, which Brooks himself has described as a failure. He wrote
the book partly to answer the question of "why" -- why did he (and
everyone else) find software project management very much harder than
any other sort. (In my graduate school career, I had Brooks as a
professor for four different courses. He's been a tremendous influence
on my career. And I still find myself turning to Mythical Man Month
for citations to all sorts of things, such as the bug rate in patches
vs. original code.)
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards