Re: Public disclosure of discovered vulnerabilities
From: Colonel Forbin (forbin_at_dev.nul)
Date: 06/09/05
Date: Thu, 09 Jun 2005 20:26:46 GMT
In article <bt%pe.301836$cg1.156605@bgtnsc04-news.ops.worldnet.att.net>,
Stephen Fuld <s.fuld@PleaseRemove.att.net> wrote:
>
>"Douglas A. Gwyn" <DAGwyn@null.net> wrote in message
>news:nJadnUNakc32bjrfRVn-gQ@comcast.com...
>> Colonel Forbin wrote:
>>> I think this is what Doug has been aiming at, but he hasn't really
>>> addressed the larger picture of the extrinsic factors beyond the
>>> language itself which discourage production of robust code since
>>> his point was simply that the language itself is not the culprit
>>> in most cases.
>>
>> Yes, thanks; you expressed the global issue rather well.
>>
>> I am somewhat pessimistic about the chances for fixing
>> the education and management problems that have struck
>> nationwide if not worldwide. But we don't have to fix
>> the whole thing in order to address the more limited
>> area of software security; for example, something along
>> the lines of the Underwriters' Laboratory Seal of
>> Approval might help improve the situation.
>
>There is the ISO 9000 stuff which is an attempt to do pretty much that. It
>doesn't "certify" a particular product, but the process used to produce that
>product, including design reviews, etc. I personally haven't found that ISO
>9000 certified companies produce noticeably better products than those not so
>certified, but YMMV.

IMHO, ISO 9000 is just another irrelevant nonsolution much like certification
of programmers. It hasn't addressed the root problem at all, just added a
whole new parasitic industry on top of it.

A great part of the problem, in the US at least, is a wholesale
abandonment of ethics and adoption of greed as the key driver for the
American business and investment culture. As a natural response to
this, workers have become more and more self-absorbed as their life
stress mounts and they see no inspiration toward altruism from their
"leaders."