Re: [fw-wiz] tunnel vs open a hole

From: Steven M. Bellovin (smb@research.att.com)
Date: 04/11/03

  • Next message: Marcus J. Ranum: "Re: [fw-wiz] tunnel vs open a hole"
    From: "Steven M. Bellovin" <smb@research.att.com>
    To: Crispin Cowan <crispin@wirex.com>
    Date: Fri, 11 Apr 2003 15:36:44 -0400
    

    In message <3E961989.3010809@wirex.com>, Crispin Cowan writes:
    >Marcus J. Ranum wrote:
    >
    >>This is an intellectually stimulating discussion for us, I'm sure, but basica
    >lly
    >>it's going to go around in circles for ever. Because software and the pressur
    >es
    >>on the software industry are complex and interdependent. You literally cannot
    >>point at one spot and say "THERE'S THE PROBLEM!" - if it was that easy,
    >>don't you think it would have been fixed a long time ago?? In fact, in order
    > to
    >>have significant improvement in software quality (and therefore security)
    >>
    >I can point a finger :-) *The* problem is that "software engineering" is
    >not actually an engineering discipline, it is a black art. Software
    >development is not repeatable, not predictable, not manageable, and
    >depends critically on key individuals. This is an art form.
    >

    Anyone who hasn't yet read "The Mythical Man Month", by Fred Brooks,
    *run do not walk* to your nearest bookstore and get a copy.

    Brooks wrote that book based on his experiences as the manager of,
    first, IBM's System/360 mainframes -- which was a management success,
    and whose architecture is still with us, for the most part -- and then
    of OS/360, which Brooks himself has described as a failure. He wrote
    the book partly to answer the question of "why" -- why did he (and
    everyone else) find software project management very much harder than
    any other sort. (In my graduate school career, I had Brooks as a
    professor for four different courses. He's been a tremendous influence
    on my career. And I still find myself turning to Mythical Man Month
    for citations to all sorts of things, such as the bug rate in patches
    vs. original code.)

                    --Steve Bellovin, http://www.research.att.com/~smb (me)
                    http://www.wilyhacker.com (2nd edition of "Firewalls" book)

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Marcus J. Ranum: "Re: [fw-wiz] tunnel vs open a hole"