Slashdot Mirror
The Peon's Guide To Secure System Development
libertynews writes "Michael Bacarella has written an article on coding and security. He starts out by saying 'Increasingly incompetent developers are creeping their way into important projects. Considering that most good programmers are pretty bad at security, bad programmers with roles in important projects are guaranteed to doom the world to oblivion.' It is well worth the time to read it."
... because there is a recession on and companies are more interested in reducing costs.
Eventually, the money men will be pushed aside and companies will once again start to focus on quality.
Disgruntled Professional Software Engineer
The P.Eng has one thing right - we need 'software engineers' or 'computer engineers' that are liable for their work (and the company that uses them are liable for too).
If Microsoft's products are so good, why do they disclaim liability on it?
Of course it isn't just microsoft doing this either. The whole licensing thing. If a 'license' is supposted to give you the privledge to do or use something, then in most things you are completely liable for your actions. For example, I have a drivers license, I kill somebody it is my fault. If Acme's Nuclear Control Software 2002 goes faulty and blows up part of the states - they would probably claim no fault (bad example I know - special case currently probably).
What we see depends on mainly what we look for. -- John Lubbock Now search for that bug slave!
A non-Windows system is not a guarantee of invulnerability, but keeping a Windows system is guaranteed to put you at risk.
The real world seems to agree with him on these.
I work for an IT security company that does works some pretty secure systems. When we come across custom apps we are amazed time and time again how the logic was put into developing them, not just security. Its one thing to code, its another to do it well. My favorite catch was an SQL developer who created a hyperlink to care and feed his system that simply had to many bugs and pushed to production. Its important that companies have good end to end IT polices, apps, usage and security, but in large part managements dont recognize the risk until its to late.
It should be a crime to teach people C/C++.
High level languages like Ruby, Python, or even Java are strongly recommended for all new projects.
How about a high level, compiled language with static typing like Ocaml. More speed, more protection, and it's been officially certified as "The programming tool of choice for discriminating hackers".
Ocaml
# (/.);;
- : float -> float -> float =
Gotta agree with him on this one. I finally got out of a multi-year project where we used a gigantic POS graphics package as the back end. It added unnecessary complexity and over a year of hacked code to what should have been a month-long project (had we coded the graphics functions ourselves).
We got stuck with the package because the client chose it, and refused to admit they were wrong. When the project when 10X over budget and people got fired, they still stayed with the graphics package and even upgraded it to the 2.0 version.
The only way out was to quote them an astronomical figure for upgrading our software to match the POS and hope they wouldn't bite. I cheered when they politely declined.
It's good to have a job where you can choose your clients.
While in theory I agree with the designers of said software being liable for the flaws therein, to what extent are we to pursue them? If I, as a coder in a firm unwilling to compensate me for the time, energy and resources necessary to produce good code, and they push for, and accept badly designed products, am I, as the actual creator to be held liable? Or would it be acceptable to go after the upper management types who accepted said code in the first place? A little perspective needs to be used here before we start screaming for the heads of those responsible for insecure software.
Don't park drunk, accidents cause people.
Your point is noted, but the author is speaking of the collective crappiness and the fallout that will occur.
I just spent the last 3 weeks cleaning up crappy programming from one of my project-mates. Pick something - not closing db connections, 18 points where infinite loops could occur (!), 48 cases where error points are ignored they didn't exist, and the program continues. In a program that is 60Kb of bytecode! I'm already rewriting code, and this is the first release!
This is not a low budget, miniscule project. But still, one bad grape and the whole bunch goes. Time and time again.
So for everyone chanting "hire experts!", count the number of truly solid programmers you know, and drum up a percentage against those you know that suck. For a while there, the industry was stretched across ALL of those people, good and bad, and dying for more techies. Do you really think that the good developers (i.e., the ones who know to slow down and get it write the first time) can take up the entire load? Do you think industry is gonna wait for these experts? Now how about CMM level 4+ rated groups versus all those developing code. Rinse repeat.
On a more humorous note, the budget problems would probably all disappear if it weren't for Slashdot, but I'm not exactly out to kick my habit...
You are checking your backups, aren't you?
This is the same as the school system admin who sets up a mail server for the school but fails to restrict its use to only the school's IP space. Suddenly it's discovered as an open relay, published on web sites, discovered by spammers, and they find their IP space in a black hole.
They're puzzled wondering why their network is sorta-broken. Most web sites work just fine but some don't. Everybody can send out e-mail, but people are complaining that the messages are bouncing half of the time.
When they discover they've been black-holed, they don't understand why they're being punished for the actions of spammers that they think are out of their control. They want to what they spammers are doing with their network to be illegal, and they want the lawyers to make the problem go away.
Oh, all the trouble a little security knowledge could save.
that's the thing you see, trusting the client is plain wrong and assumptions made with that model will get you in trouble.
plan9 offers a model that doesn't require trusting the client. It runs a dedicated authentication server and a dedicated CPU server and a dedicated file server. The three talk to each other behind the client's back.
http://plan9.bell-labs.com/sys/doc/auth.html
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter