Will Security Task Force Affect OSS Acceptance?
An anonymous reader writes "An interesting article published by SD Times: "Application Security Goes National" discusses some of the talking points generated by a federal task force that will make recommendations to the Department of Homeland Security. One of these talking points is to license software developers and make them accountable for security breaches. Licensed developers would get paid more as well. The article also mentions that "Executives" might not wish to work with smaller undisciplined partners and a little further down that "Hobbyists create Web services [and] professionals create them" and that "companies relying on critical infrastructure Web services need confidence". Would OSS have to be written entirely by licensed developers to be considered secure? Yahoo Finance has another article on the subject." The SD Times article is current, despite the incorrect date on it.
yeah... it is called Software Engineering.
Very few commercial software applications use correct software engineering techniques, which is why so many bugs are in the software. Medical equipment, aircraft equipment and car equipment is tested, retested and run through all the engineering processes in order to make it bulletproof.
Real software engineering is not profitable without making software cost a bloat load more than it does.
I am the Alpha and the Omega-3
I believe the word license in this sense is:
(from Webster's) Implying that non-good men love the opportunity to act irresponsibly, which is what freedom offers them.
OSS has no problem with professional certification: you get the source, review it, test it and certify it to a grade. The professional would do this or sign off. For closed source the process is the same except you don't have the source, or you rely on the vendor's professional certification.
I worked summers in an Architectural/Engineering firm before I got my degree in Computer Engineering in 1979. The real way these firms worked at that time is that the Professionals (Registered Architects and Professional Engineers) supervised and signed off on the work that was done by EITs (Engineers in Training - a degree but not yet passed the state boards) and Draftsmen and other technical people. This model can be used for software/hardware as well. There has been little demand or call for a state certified need for computer professionals in the last 24 years, largely because the sales force said all the bugs will be fixed in the next "Gotta have" version.
Our social problem is the adoption of CPUs and related software to critical tasks in our society without review or certification for the tasks in a largely sales driven market. Having professionals review installed products would likely trim features and consider whole systems analysis of the effect of additions and changes. In the end this is a good thing because the professional at the install point can specify the grade and if the vendor fails he doesn't get the business.
The last point is that the State is responsible for the approval of the Professionals - so in effect the State is taking the work of people it has approved to be and act as Professionals.
In the end this just means a review of some level of quality on the software or hardware installed. We just don't take the word of the vendor.