Oracle Exec Strikes Out At 'Patch' Mentality
An anonymous reader writes "C|Net has an article up discussing comments by Oracle's Chief Security Officer railing against the culture of patching that exists in the software industry." From the article: "Things are so bad in the software business that it has become 'a national security issue,' with regulation of the industry currently on the agenda, she said. 'I did an informal poll recently of chief security officers on the CSO Council, and a lot of them said they really thought the industry should be regulated,' she said, referring to the security think tank."
Oracle are (rightly or wrongly) worried about competition from Open Source. Regulation of the software industry would be a major benefit to them in this. Anyone who didn't meet the regulators' criteria couldn't compete.
In other words, you should make your choice not on merit, but on a short list of products from an exclusive club. There is a ring of corruption to this G
Maybe if EA didn't run its coders into the ground, they wouldn't need to go on to the patches...
Of course the "patch, patch, patch" business plan is bad for consumers. But in truth, most software companies don't care about consumers. They care about making money. As it happens, most people really don't care enough about the subject to make the companies change.
One of the examples in the article asks, "What if civil engineers built bridges the way developers write code?" and answers, "What would happen is that you would get the blue bridge of death appearing on your highway in the morning." The difference here, however, is that civil engineers couldn't get away with making rickety bridges. You would find public outcry if it broke while people were on the bridge. In the software world, however, they scream and the companies just fix it with a patch and it shuts the consumers up. Saves a lot of money and time in testing at companies.
this explains all....bunch of slackasses!
One thing I see all the time is code that doesn't matter is under total scrutiny. So what if there's an exploit in the gimp? If your machine is properly firewalled in (for a regular home user), and you're the only one using it, what does it really matter?
Hunting down these things is nice, but not necessary in a lot of cases.
Wow, really nice slice on the British.. FTFA
She claimed that the British are particularly good at hacking as they have "the perfect temperament to be hackers--technically skilled, slightly disrespectful of authority, and just a touch of criminal behavior."
It seems to me that the F/OSS industry has shown that fast, and effective patches can be applied, and that software we pay for has less than reasonable responses to such threats. I use F/OSS and I'm quite happy with the response they have to software problems. I don't expect it to be of NASA quality, just to be good, and it is. For the amount that you have to pay for Oracle et al, you expect fast responses on problems. The problem is that they don't respond fast enough. There is NO bullet proof software, though I give a hat nod to the guys that wrote the code for the Mars rovers. Certainly, Oracle isn't showing that they deserve the price they demand, at least not in this respect.
I might be off topic, but all the F/OSS that I use, delivers what I pay for AND MORE. The software that I have to pay for is lacking. When you pay thousands of dollars, you expect patches in a timely manner, and before you get hacked. I think this is a big reason that F/OSS will continue to win hearts and minds across the world. Despite the financial differences, F/OSS actually cares, or seems to, and they do fix things as soon as they find out, or so it seems to me. They have a reputation to uphold. Without it, they will just wither and die. It amazes me that investors, stock holders, and customers are willing to wait for the next over-hyped release of MS Windows while they suffer the "stones and arrows" of the current version. It appears that no matter how bad commercial software is, people rely on it. Yes, of course there is more to the equation than this simple comparison, but I think this is important. If you weigh what you get against what you pay, F/OSS is a good value. The argument is old, and worn, but ROI is a big deal, and patches make a difference to ROI.
Is it really what the software industry needs? A set of rules to make things bullet proof.. which of course won't ever happen. That kind of mindset is totally wrong, even though the sentiment is in the right place, you can't regulate quality in this regard. Sure, you can make sure that all gasoline is of a given quality, but I don't trust the government to test and regulate software. The US government already has a dismal record of keeping their own house in order on this account, I don't want them telling me how to do anything or what I can and cannot sell, never mind what I can give away for free under GPL.
Most "engineers" are mechanics. It is indeed time that the software developers, in fact everyone in the industry, started to act in a more professional manner; that means understanding the principles, designing and building systems which are known to be able to perform to specifications. When I say known, I mean modeled and tested.
You can start taking the profession seriously by joining your local professional engineering body.
Re: "Chief Security Officer Mary Ann Davidson has hit out at an industry ... wedded to a culture of "patch, patch, patch," at a cost to businesses of $59 billion"
So, if people pirated software, instead of buying it, there would be no need for vendors to provide patches and business would be $59 billion richer.
"I did an informal poll recently of chief security officers on the CSO Council, and a lot of them said they really thought the industry should be regulated,' she said, referring to the security think tank."
Funnily enough, I'm just now reading Darrell Huff's book, "How To Lie With Statistics".
The problems with her poll are manifold.
Firstly, her group is composed of security officers who are on the CSO Council; might their views differ from security officers not on the Council? Perhaps tending to be more of the belong-to-an-organised-body sort? Might they perhaps therefore be predisposed towards regulation?
Secondly, of the officers on the Council, which ones did she ask? all of them? or did she have a bias to tend to ask those she already knows will agree? perhaps those who found it rather boring and aren't quite so pro-organised bodies just don't turn up at the meetings.
Thirdly, what's her position in the organisation? If *she* asks the question, are people more likely to say "yes" than they would to another person?
Fourthly, are people inclined in this matter to say one thing and do another, anyway? e.g. if you do a survey asking how many people read trash tabloids and how many people read a decent newspaper, you find your survey telling you the decent newspaper should sell in the millions while the trash should sell in the thousands - and as we all know, it's the other way around!
Fifthly, even if the views of members of the CSO Council truly represent all security officers, and even if they were all polled, who is to say the view of high level security officers is not inherently biased in the first place, for example, towards regulation?
So what, at best, can her poll tell you? well, at best, it can tell you that chief security officers who regularly turn up at meetings will say to a particular pollster, for whatever reason, and there could be widely differing reasons, that they think regulation is a good idea.
Well, I have to say, that doesn't tell us very much, and that's even assuming the best case for some of the issues, which is highly unrealistic.
http://www.oracle.com/technology/support/patches.htm
Whose patches are infamously known to break stuff, released in 6 month batches (maybe just a mite too spaced out?), and so infamously poor at actually patching their bugs that they currently have an open, publicly known 0day with no patch, because they screwed up patching it last time and it's still open?
And they think security patches are a poor model?
Maybe that's why they put so little effort into them. Maybe that's because they put so little effort into them. Maybe some people think of it as bridge maintenance, and they want to build the bridge perfect every time? When they can't even get patches right when they have six months between them? Fat chance.
Honestly, out of the people in the software industry, even Microsoft do a better job, security-response-wise, than Oracle. And when you're behind Microsoft in that department, you've really got a problem.
They need to make a serious effort at security response and treat it like a real priority, not show-ponying about regulation when, if they were regulated, they would still be completely unable to respond, but would point to poorly-drafted regulation as "tying them up in red tape".
She claimed that the British are particularly good at hacking as they have "the perfect temperament to be hackers--technically skilled, slightly disrespectful of authority, and just a touch of criminal behavior."
Sums me up perfectly old boy (well maybe not the technically skilled part)
This infuriates me to no end, when people use references they saw on the back of a cereal box because they thought it was cute. FTA:
"What if civil engineers built bridges the way developers write code?" she asked. "What would happen is that you would get the blue bridge of death appearing on your highway in the morning."
I'm sorry, but there are crazy people scanning my highway for open ports and I don't see script kiddies pinging my roads. Graffiti aside, they are left alone. Code that is written works just fine if people don't try to overflow buffers and install rootkits. The bridge I see out of my window is fine because people don't hit it with sledge hammers.
Just my 2 cents . . . .
People outside the software development field really do make an awful lot of assumptions about the number of things that can go wrong in millions of lines of source code. Specification versus implementation is a tricky beast by itself.
If they really want to follow through with this talk, they'd better be prepared for the design decisions that go along with it, code reuse most of all. One thing that I think is particularly detrimental to code reuse is a proprietary model where the OS and every software vendor re-invents wheels over and over. You're going to need more open specs to change that.
If this is rooting for regulation of the software industry, beware. The big guys have a lot more to gain from this than the small innovators and startups. Who would really want to take advice from stereotyping wags like that anyway?
I really don't get all the negative comments. I think it is high time that people really start to address this issue and I can only applaud her for doing it.
Lack of security, lack of taking responsibility and the reliance on customers as beta testers really is a big problem in the software industry and, as she rightly notes, it's going to have some serious repercussions for this industry.
So, if you want to avoid these, get your act together.
Do something about the problem, but don't shoot the messenger!
Often, when consumers are given the choice they prefer to have software sooner, even in a beta state. We joke about how official releases have made us all beta testers, but that doesn't seem to stop us from purchasing software.
Industry regulation is a very bad idea. It will cripple OSS development. It will place an unnecessary burden on taxpayers to fund the red tape. Furthermore, wouldn't regulation somewhat require the regulators to in the end have access to source code?
Do you think major corporations are just going to hand over source code? Can you imagine the leaks?
Lastly, the government has time and time again demonstrated they have little to no understanding of technology. Do we really want them making sweeping decisions regarding software?
They are the company who have the worst user interface tools on the planet.
The GUI's would have sucked in the 1980's.
Every SQL statement was designed by a different person, with a different syntax.
If the guy expects us to assume he is an authority on the subject, he should clean up his own rubbish first.
Sure we should regulate; for instance, any company guilty of releasing software generating more than 10 Million should be banned and forbidden to operate.
So we would get rid of Microsoft, and probably most of the closed source companies.
While it makes sense that a system integrator using some software to drive a pacemaker should follow more stringent rules than a game developer, "regulating the industry" is just a short hand for: "removing anybody that could be a new threat for us".
I'm sure Oracle would love to "regulate" mySQL.
Britannia's pwnz0rs r0x.
British h4xx0r5 r so l33t they
pwn3d t3h b0x.
Well, patches are not nice and of course it would be better for customers if the product were perfect from the start. It's true that most software products are buggier than, for example, fifteen years ago. On the other hand, there are several reasons for the (lack of) quality of modern computer software. Tight deadlines, investors, competition, to name a few. And of course it's always possible to cast some blame on the software engineer.
However...
I don't like that she is using age-old classics for fear mongering. "National security" and the bridge analogy to be specific.
Bugs themselves are rarely the problem when we are talking about "national security". For some odd reason it seems that people have forgotten the importance of physical separation of the public network and sensitive information / infrastructure. It's stupid to blame the tools if the user is an idiot (and in this case I mean those "chief security officers", who design these braindead infrastructures for corporate networks).
I don't understand how anyone in their right minds could suggest any kind of regulatory system for the software quality. It's practically impossible to control and what if there is some sort of accident caused by some regulated and "certified" product? Is this certification (or what ever) a free pass for the software provider? This would turn to be an ultimate disclaimer for the software companies. Or - the other way around - the ultimate responsibility, which would lead to the point where there are no more software engineers because there is too much personal responsibility involved.
Besides, in my opinion, Davidson insults British people pretty badly and describes them as "slightly disrespectful of authority, and just a touch of criminal behaviour." I think that's not a very professional comment.
Anyway, this is what I'm thinking about of this whole article.
The difference is that software is expected to be cheap, released fast, and to run on all kinds of platforms. Sorry, that leads to errors. You can have software that never needs patching, you just have to take some concessions:
1) Development cost will be a lot more. You are going to have to spend time doing some serious regression testing, basically testing every possible combination of states that can occur. May seem pointless, but it's gotta be done to guarantee real reliability.
2) Development time will be a lot more. Again, more time on the testing. None of this "Oh look there's a new graphics card out, let's get something to support it in a month." Be ready to have years spent sometimes.
3) Hardware will be restricted. You are not going to be running this on any random hardware where something might be different and unexpected. You will run it only on hardware it's been extensively tested and certified for. You want new hardware? You take the time and money to retest everything.
4) Other software will be limited. Only apps fully tested with your app can run on the same system. Otherwise, there could be unexpected interactions. The system as a whole has to be tested and certified to work.
5) Slower performance. To ensure reliability, things need to be checked every step of the way. Slows things down.
If you aren't willing to take that, then don't bitch and demand rock solid systems. I mean such things DO exist. Take the phone switches for example. These things don't crash, ever. They just work. Great, but they only do one thing, you use only certified hardware, they've had like one major upgrade (5ESS to 7R/E) in the last couple decades, and they cost millions. You can do the same basic type of stuff (on a small scale) with OSS PBX software and a desktop, but don't expect the same level of reliability.
The thing is, if your hypothetical bridge were software (and it's quite simple compared to software) people would expect to be able to put the same design anywhere and have it work, drive tanks over it and not have it collapse, have terrorists explode bombs under it and have it stay up and so on and have all that done on 1/10th of the normal budget.
Until we are willing to settle for some major compromises, we need to be prepared to accept patches as a fact of life. I mean hell, just settling on a defined hardware/software set would do a lot. Notice how infrequent it is to see major faults in console games. It happens but not as often. Why? Well because the hardware platform is known, and you are the only code running. Cuts down on problems immensely. However take the same console code and port it to PC, and you start having unforeseen problems with the millions of configurations out there.
Me? I'll deal with some patches in return for having the software I want, on the hardware I want, in the way I want, for a price I can afford.
The whole bridge::software analogy is:
1. A straw man argument and a poor one at that. It's not uncommon for civil engineering projects to require "patches" http://en.wikipedia.org/wiki/Big_dig#Reports_of_substandard_work_and_criminal_misconduct
2. An obviously bad analogy; I'm sure the specifics will be discussed here ad infinitum.
A server takes a shot from a bullet and still keeps running http://youtube.com/watch?v=mAuKwTDGnCg&search=hp%20bulletproof
This is a highly emotional topic for many people in the business of making software. But let's get beyond that, especially if we want to be 'professional' developers. After all, when you drive a car, do you concern yourself with the pressures and emotional status of the people who designed and built your car? Not likely, and you shouldn't have to. So you know what it's like to be a consumer/user.
Simple logic says that if a problem can be corrected, it could have been avoided in the first place.
It gets more complicated when there's 'finger pointing' involved. When there's multiple parties developing the same project. When there are faulty libraries being used. When there are deadlines to meet. When it's just "too hard to do it the right way!" These are not the problems of the consumers. If these obstacles are too much to overcome, get out of the business. (heat/kitchen)
I can't find a single explanation that doesn't boil down to much more than whiney excuses. Nothing has shown that the simple logic is flawed. It still comes down to 'if it can be fixed, then it could have been avoided.' I would truly like to see how it's flawed logic.
Very cool advertisement, but the warrantees notices at the end sort of ruined it... still cool though
First, bridges are quite a bit less complicated than software. Second, there are numerous examples of bridges that have had structural flaws. Just because they don't turn blue with obvious error codes stamped on them does not mean they are perfect. Bridges must undergo repair periodically, or they will fall apart.
Bridges solve one problem: Supporting X weight across Y distance, taking into account building materials and terrain.
Software is usually far more complex in what it tries to accomplish. It's not merely a matter of being "more expensive" to make bug free software. It's so incredibly difficult, and so labor intensive, that it's actually "cost prohibitive". Meaning that for nearly all programs made, the cost involved in making it bug-free is far more than a company could hope to redeem.
Would you like Microsoft to make a bug-free OS but then sell it for $10,000 per computer, to make up for all the production costs?
That's a typical manipulation move: announce a problem we all know exists, ask "why does not solution X exist that solves it" and then push for solution x to happen.
Somewhere in between the hype surrounding the issue, no one stops to ask themselves "wait, this solution doesn't even prevent this problem".
Liability is one thing, regulation before manufacturing: another. Given how much success government institutions have with software patents, how could we trust our software's security to them?
First thing they'll do is "regulate" the existence of a backdoor for the police/CIA/FBI into everything that resembles software technology with access control.
For software, that is. Building codes and electrical codes have worked pretty well.
If we could measure software quality well enough to regulate it, how much need would there be for regulation? Companies would just specify in their purchase orders "must have 685 mill-pf of quality" or "not less than 3 kilo-Sendmails of security" and the market would sort things out in its usual inconsistent but unbeatable way.
I'm nervous about government regulation partly from spending too much time studying the HIPAA regulations. For one thing there's a requirement that you write down procedures. Then there's "thou shalt have a procedure for updating the procedures". and "thou shalt have a procedure for making the procedures available to those who follow the procedures". After that narrow escape from infinite recursion there's a clause that, after multiple readings, I swear boils down to "thou shalt do what this clause says to do". HIPAA compliance does close some common security holes but at a price that seems excessive even when I'm the one getting paid to do it.
and get modded insightful for it.
Really, your whole post is so silly, it defies belief.
First off, she did not in any way shape or form suggest that her poll, as she perhaps wrongly liked to call it, does in any way meet the requirements for a statistically correct poll.
Further, her argument does not rely in any way on this "poll", no matter how hard you try to spin it.
So what did she do?
She simply presents an argument about the terrible state of security in software engineering and mentions that many in the field agree with her.
To claim that this is lying with statistics is simply absurd and simply shows that it's not enough to merely read books, one should also understand them.
"If the guy expects us to assume he is an authority on the subject, he should clean up his own rubbish first."
*She* should clean up *her* own rubbish first.
Yes, OpenBSD still has a few security patches each version, but their methodology is far better than many other software developers'.
Actually 4 numbers wasn't enough for Oracle. I have a file (oramts.dll) which has the version 9.2.0.4.1
The ideal system (for the government) is one where we are all criminals.
here is a news flash for you ..
.. it's counter productive to the sharing of information ..
.. the global corporate interests trying to use them for mass control .. capital commerce .. exploitation .. and profit ..
.. the governments that the corporate and elite controlling interests put in power .. wanting to keep information from being available to the general public for scrutiny .. and the general public from discovering the degree to which elite self-interests .. are behind the corporate economics .. governance and conflicts of the modern world ..
.. and the pseudo-democratic governments (limited dictatorships) they put in .. and keep in power ..
.. it's bad for the bottom line .. and it's bad for being able to keep the sheepeople in line ..
security isn't a computer or a network problem
computers and the WWW were never originally designed or intended to be a secure environment
computer and network security is only a problem for
neither of which is really in the true best interests of the general public
or the use of the WWW for facilitating World Wide communication and interaction of the general public through the sharing of information and knowledge
neither of which is in the best interests of global corporate capital exploitation
it's bad for business
She forgot to say that if Oracle were to adopt truthfulness in adverts and avoid vaporware and prevent charging the cost of a FULL Salon to setup cardboard implants the industry would be $159 billion richer and we would all have witnessed the Second Coming with the money...
Sheesh what a rant from a company that is responsible for the Vaporware strategy...
Until they can invent a human that doesn't make mistakes, what Oracle is aiming for is an unrealistic goal. People screw up, so we patch. Mistakes happen, and we patch. Software evolves, and we patch. When a software company has an install base of several zillion, and can't get their act together in terms of reliability, or don't want to, then you have an issue that needs resolving. Patching because of mistakes is part of being human, patching due to apathy and blatant disregard for security is an entirely different matter. Bring forth thy bitchstick.
Is there a list of approved posters or has slashdot descended into a self indulgent clique?
If so do you mind posting this list so as the rest of us can stop wasting our time.
Posted by Zonk on Monday May 29, @09:40AM
As a software developer, I lie awake at night dreaming of only having to solve a problem as simple as a bridge. It has only one use case: vehicles of a known weight with a known wheel surface traveling in predetermined paths at a predetermined rate of speed. Also, if you dig down deep enough on the Earth, there is always something solid to anchor the bridge. Then bridge developers have millions of existing examples which can be studied and reused.
In software, half the stuff people will do with it was unknown while it was being designed. It's placed on top of existing code (operating systems, existing architectures, outmoded designs) which decreases the stability of your own applications. It runs on systems with wildly different equipment from any test environment available, with drivers written by corporate hacks which decrease your applications' performance. Then users use the application with many other applications which can interfere in numerous ways with the other applications while sucking up the required resources (memory, hard-drive space, etc.) your application needs. Which is not even mentioning the malicious attacks by those who only wish to wreak havoc on the systems. Then if any of the myriad of things running on the computer fail, everyone starts screaming that the developers are the problem.
The problem is that people expect the software to perform absolutely flawlessly while doing things that the developer never intended on a wide variety of equipment that cannot be tested on or controlled by the developer. It's the world of continuous progress. No one changes the use cases of bridges after they are designed. No one ever just tacks a few more lanes onto a bridge or decides to make the bridge into an airport runway after it was built. When was the last time someone re-commissioned a pedestrian bridge for railway traffic or built an additional level on the bridge for a shopping mall without significant studies to determine feasibility?
And yet if bridges were scrutinized the same way as software, people would be in an uproar about all the deaths that are only possible because of the bridges: people jump off of them, cars crash over the guard rails, tornadoes and hurricanes wipe them out, and if they are not maintained properly they eventually fall to the ground under their own weight. Books could be filled with the death stories of people killed by bridges. Everyone sees how silly it is to blame a bridge designer when people are not using or maintaining the bridge in the way intended.
This is not to say that there is not badly designed software out there or that much of it couldn't be done better. However, people need to understand that to have completely bullet-proof software would require studying all possible use cases, locking all features and hardware, then designing a system that will perform only those features and nothing else ad infinitum. Of course, that's exactly what a group of mindless, uncreative government regulators will do. I'd rather have innovation and patches and the largest number of technical resources and methodologies available for the problem.
The core problem is that solutions are being locked up by patents and business methodologies rather than allowing all the code to be shared and reused by everyone, allowing everyone to benefit from new applications of previous solutions. I don't really expect Oracle to agree since they make a tremendous amount of money from closed code and patents and would really love to kill all new entry into the market. Of course, they don't really believe in making code that works without patching, either, or they would no longer be patching their own supposedly well-designed and executed flagship product. It's just rhetoric and business as usual.
"What if civil engineers built bridges the way developers write code?" she asked. If only all IT projects were as well defined as bridge plans...
The market should determine the value of a quality product. The only regulation that should change is the ability of software vendors to avoid accountability with the complex EULA. If all the businesses in the world sued Microsoft for the effort to continually patch their software it might just get them to do something. Of course, the cost of the software would rise too, at least in the short term. Secure and bug free code doesn't need to cost significantly more provided you have the correct process and design for quality up front. It seems obvious that Microsoft uses the Beta program and even their initial production releases to test their products. Every release of their OS is cobbled together with wire, gum and duct tape. How about a real security model? How about true multi-user capabilities - not just "My Documents"... How about preventing Rootkit installations period? How is it ok to allow an OS to be so easily attacked and modified without some administrative control? If MSFT and many others approach this topic like a joke, then we need to have our laugh in the courts.
Good advertisement, but it only shows the hardware has enough redundancy to sustain some heavy damage. TFA, OTOH, is about software.
And speaking of software, it's the big weak point in the youtube link you provided. The flash movies in youtube are really annoying to watch. Video is definitely not an appropriate medium to insert in web pages. However, if there is a link to the video file you can download it and watch off-line. I even wrote a small Perl script that I call from inside Konqueror to download videos from break.com. But youtube.com uses flash and that makes it much harder to download separately.
Your server hardware can be bulletproof, but if the software is flash your users will have to accept all the breaks and pauses as the web reluctantly delivers its content to you.
I write the OWASP Guide, which is used by basically everybody as the standard for web application security, and is the official standard of Visa, many governments, and so on.
She talks to CSOs who mostly are bean counters. They see money down the drain from patching. I agree with them - patching is inefficient and wasteful. But it's necessary as Oracle builds crap, buggy and insecure software. They are easily five+ years behind Microsoft in churning out safer software. Buffer overflows, high privilege accounts, public access to highly privileged library functions - all this stuff is easily 10-15 years old and should not be in Oracle 10g, but it is.
Oracle has time and time again outright refused to get on board with a secure coding program, often fixing just the little bug which gained root privileges, exposed all your data, or destroyed the database outright. Instead, they should be searching for all those types of bugs and fixing them in one hit. Davidson has more than enough time to address the root cause
She is holding software up to the standards of bridges. Bridges have tolerances and over-design built into them. Most software does not. Often, to make artificial deadlines set by beancounters, software is shipped with bugs. Often the bugs are not found for some time and it requires researchers to go find them. If it's not researchers, it's the commercial 0day crowd. This is where Davidson shows she is an amateur and must be replaced. It's best for HER customers to be secure, and that means shipping secure software. Shipping insecure software does not prevent the 0day houses from creating exploits. Oracle's reputation as a solid data partner is worthless if we lose all our data to an attacker because Oracle suppressed the news from us, rather than fixing the problem.
It is simply unachievable to build bug free software for a reasonable cost. What is required is care, developer training in secure software techniques, and defense in depth. That is our tolerance and over-design. Oracle is sadly lacking. She has had five years to get their developers onto a program of building this into their platforms, and she's failed miserably. I will be interested to hear what standards they use, and if it's mine (OWASP Guide), or if they do their own based upon ours, or use Microsoft's.
I've called for her to step down more than once. When she attacked the good name of David Litchfield and NGS Software, I was outraged - this was like shooting the messenger that their "unbreakable" software was pure crap, which we already knew - but now know through his unstinting efforts that it is truly appalling and not fit for purpose.
If this latest "push" for too little too late does not work out, she should be sacked by the Oracle board for the good of all Oracle shareholders and customers. She's had more than enough time to make a positive change, and should make way for someone who really understands security.
Andrew van der Stock
that couldn't be done by setting up standards and best practices within the industry, and then testing software and source against those metrics.
It seems like there could be an organization set up to certify software as meeting some security standards. Some people might think this would be a problem for open source, but they forget that there is a lot of money behind open source. I'm sure IBM and others would help foot the bill behind getting Linux certified.
The real problem with certification or government regulation is that it might cause innovation to stall in the industry. If an expensive certification process is required for huge classes of applications, then it will be difficult for smaller companies to introduce new products. The way the industry is structured, most innovative products come from smaller companies, which are often bought out by larger companies. If software must be certified, then these companies can never sell anything on their own, and their only hope is being bought out immediately after they have a product, but before they can bring it to market. This keeps such products from being tested by the market before being bought out by a larger company, and makes being a startup so unattractive that even fewer people would be willing to do it.
In other words, regulation might pretty much ruin the whole scheme that has fueled the software industry.
That's a pretty big generalization though. Some qualifications on what regulation or certification would mean could actually make it pretty attractive. Doing security certification for only small classes of products where the market is already pretty solidified could minimize the damage and maximize the benefit. Varying degrees of certification, where the minimal level is within the range of a small company's budget, would certainly help.
Personally, I'd like to see a good faith effort at industry self regulation through certification before we consider government regulation.
"There is NO bullet proof software, though I give a hat nod to the guys that wrote the code for the Mars rovers. "
The Mars Rovers are amazing pieces of equipment, and the software has worked great -- mostly -- but it wasn't bullet-proof code. I can't remember all the details, but the system went bad on one of the rovers within the first few weeks of landing due to a bug (too many files in flash memory), but, as it is supposed to do, it went into "safe" mode and they fixed it by uploading patches. It took them a while to fix because the system was rebooting over and over, many times a day, and they had a narrow window of opportunity to interrupt it before the system rebooted again. They then did the same patch for the other rover, which would have been afflicted by the same bug eventually.
The point is, even the Mars Rovers, which can be regarded as a software and hardware success in almost every measure, still had bugs that needed patching. Even "mission critical" software can have problems. As you suggested, the software engineers still deserve a lot of credit.
Ah, I did a search and found a few details.
There is NO bullet proof software, though I give a hat nod to the guys that wrote the code for the Mars rovers.
:)
Ah, that would be the software on the rovers that almost cost the mission quite early on then.
FWIW, I believe the rover software runs under VxWorks. It would, of course, be very interesting to see the software - it's a shame NASA aren't likely to open-source it. If they did I could quite imagine a few build-your-own-mars-rover projects popping up on the web.
http://blog.nexusuk.org
Their customers value vaporware and bells and whistles higher than reliability when buying an enterprise database. To Oracle, laws against bells and whistles seem to be the right way to squish the competition.
The "bridge" equivalent of consumers' expectation for software would be: a bridge made out of cardboard, with a lot of lights, a coffee-making machine every 100 yards, seven entrances and eighteen exits -- and ways to go from each to each, that can be reconstructed in 15 minutes to 3 hours if it falls, and nobody will mind if it falls every other day. A plain old bridge is 1000x - 100000x more expensive to build, would take one year to get ready, and probably will see maintenance only ten to twenty years after it's ready... It's possible to build it, but no one wants it, so it's not _viable_ to build it.
Anyway, the better software design tools are those that are integrated deeply with the coding phase... But no one wants to use those (say Lisp)
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
Worse she is the one shooting the messenger. Hackers are the messenger and when they hack your software the message is you screwed up. She wants to stop the hackers/messengers NOT get her own act together and build secure software from the start.
I can well imagine that Oracle wants regulation against all those nasty people who just give them 1 month notice before publishing yet another security hole. SHUT UP so we can continue peddling software with holes in it that we have known of for years. MS feels very much the same.
Patches are like bandaids being against them is silly. Be against people getting wounded in the first place.
If you are against patches you need to design your software better.
She doesn't want that, she just wants the hackers to go away. This is like banning doctors to make sickness go away.
No this woman is a clueless shill wanting to make sure her company can peddle the same crap protected by security through obscurity. You know like worked so well for software in the past.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
The Real Enemies of Software Reliability
Guess what? Oracle is on the list. ahahaha...
Oracle's Chief Security Officer Mary Ann Davidson should be next on the list, IMO, for once more comparing software engineering to bridge and building engineering.
Bridges are simple and their uses don't increase.
It's like one 1000-transistor circuit or 200-line function, that's it.
Liberty and freedom are no. 1, not dicks in suits.
Ah, but most bridges don't fall apart that easily. Well no, most bridges are based on millennia-old technology. The more advanced designs are designed to very fine tolerances.
Take that "new" superhigh bridge in france. It cannot support the weight of an ocean liner. Would collapse if you blew up one of the pillars and a nuclear strike within a mile would cause it to fall apart. Hell even a simple typhoon would do it.
Ah, but none of those things are likely to happen so the bridge wasn't designed for it.
That is the big difference between software and hardware. Even the simple thing of user supplied data is different. In software you need to check and check again every bit of data to make sure the user hasn't supplied the wrong kind of data. Hasn't the user put a 1 gigabyte of data in a bool field?
In the real world this is kinda easier to check. I think you would notice if a truck instead of being loaded with 10 tons was loaded with 10,000 tons. A clue might be the way its axles are buried in the asphalt.
So the bridge designer only has to design for the entire road deck being filled with trucks filled with lead and that is it. He can work with real world limits. The French bridge was really tested like this. It withstood the test and is in theory designed to withstand 2x the load. That ain't much of a tolerance but in the real world you can easily discount such a heavy load ever being put on the system. Someone driving up with an ocean liner on his trailer would draw attention.
Not so with software. I can put anything I want in this input form and the software better be designed for it. I am not constrained by real world limits.
That is what makes software engineering so difficult, you need to account for every possibility. If you checked a piece of data and wrote it to storage then you need to check it again when you read it. This would be like a bridge engineer testing the steel, then having to check it every day to see if it hasn't turned into porridge by an act of god.
Oh and one final note. A lot of software insecurity only happens under attack. Bridges don't exactly last long under attack. Blowing one up is amazingly easy. Any army engineer can do it.
It depends how far you want to take it. It could be as minor as just requiring a normal consumer warranty, fit for purpose and so on, not requiring much else in the form of taxpayers being involved. If the big commercial software industry insists on patents, then they should eventually be prepared for mandatory warranties if they fail to do it voluntarily.
...with a bridge you usually have few and clear specifications: Connect point A and B, distance D apart. The bridge shall withstand wind speeds of at least X and so on.
With software you usually have not only a huge pile of things to account for (varying hardware, O/Ss etc.) but usually an application has to do more than one thing. No one wants an image application that can only resize images, so you cram in a lot of features (sometimes even more than is asked for because the marketing people are jumping up and down in excitement over it).
In addition, your specs are not always clear, so you guess and try to use common sense, which may very well go wrong.
Finally, in bridges you can build in a safety margin in a rather simple manner; building gracefully degrading systems in software however is not only hard, you also have to anticipate very weird (as in "how could that ever happen") failure conditions. So, in analogy, the bridge would also have to be built to withstand monster attacks and alien orbital bombardment.
Don't you mean slings and arrows?
... appears to be bad management.
Odd, how bad managers do not write a single line of code, but establish policies and practices virtually guaranteed to provide the fertile ground necessary for bad code to spring forth, and to extinguish the capability to make secure code, buried under the management "fertilizer" to produce bad code.
It's pretty easy to see how this motif extends into other aspects of software quality as well.
How much proprietary software makes use of a tool like Bugzilla to manage bug-tracking? And how much merely uses a spreadsheet to track bugs during development, testing, and production support?
But if indeed that is the case, that bad management is the cause of poor software, then the open source movement should, over time, produce truly superior products, if only because open source has less management overall.
Certainly we should see superior security in open source products, as they are, after all, "open" for review by anyone who cares to take a peek, and can comprehend what he/she is looking at. This culture of development effectively removes managers and makes for a ton of Quality Control folks, actively scrutinizing the product at every stage of software development.
Oracle has a lot to worry about from the likes of MySQL and PostgreSQL, and not from the fact that they have better performance per unit cost. If things continue along the paths they are currently tracking, then in a few years Oracle's customers will be flocking to open source products because they cannot stand the cost of Oracle failures.
The weenies in marketing have determined that 4 levels of numbers look most business-like. Fewer seem lightweight, more seem ultra-geeky. Oracle is 75% a marketing company you know.
Most people don't even think inside the box.
If software was built like bridges!
"What if civil engineers built bridges the way developers write code?" she asked. "What would happen is that you would get the blue bridge of death appearing on your highway in the morning." - Mary Ann Davidson, Chief Security Officer at Oracle.
If software was built like bridges, we would have a defined starting point and a defined termination point. You could only go from Point A to Point B, or the reverse direction. Spreadsheets could be preloaded with numbers and answer, no need to have user input or calculate the results. Browsers would be designed for presenting one window only, with static text.
There is no need for search engine, because you are only going from Point A to Point B anyway. Your music player would play one song, and it is stored in WAV format. Your job never changes, your bank remains the same, and IBM is the only computer company.
If software was built like bridges, we would not need databases. Databases are used for storage of changing events and a bridge only goes from Point A to Point B. It does not handle changes.
-rwg
If you really gotta talk with me, de-spam the email by removing the _
"Hardware will be restricted. You are not going to be running this on any random hardware where something might be different and unexpected. You will run it only on hardware it's been extensively tested and certified for. You want new hardware? You take the time and money to retest everything."
"I mean hell, just settling on a defined hardware/software set would do a lot. Notice how infrequent it is to see major faults in console games. It happens but not as often. Why? Well because the hardware platform is known, and you are the only code running. Cuts down on problems immensely. However take the same console code and port it to PC, and you start having unforeseen problems with the millions of configurations out there."
Apple products cost more, they sometimes take a little longer to introduce bleeding edge technology, and users are (generally) restricted to running on Apple hardware. The result? Solid, high quality, highly reliable, highly secure computing platform, with somewhat higher price points and somewhat more limited selection of software and hardware. And yet most users seem quite happy with this compromise, in spite of Windows fans' incessant comparison of SPECS and PRICES between the two platforms.
I know that desktops aren't exactly the topic at hand here, but I thought the parallels were interesting.
Would I be able to get bug-proof windows for free??
hmmm... dumb...
It's a way for companies to shave money. When you are a business selling blenders, if your blendmaster 2000 has an issue, you ignore it. Fix it in the next model. If your Ford has an issue, you might recall it, but that's extremely expensive. What about software? Bug? Lots of bugs? Don't worry about it! We'll just patch it in the 1.01 release! Oops, more problems, here comes 1.02!
Software developers use The Patch as a way to get a product to market before it's ready. Shareholders don't see this, and they just assume when it goes GM they have their bankroll. Then a month after the main release, their developers are still working feverishly to "complete it". This process continues for many months. It's borrowing from the future to secure the present. And six months down the road when you are STILL patching it and are not getting a lot of income on sales anymore what do you do?
"That'll be fixed in version 2". Just keep pushing off the work. Hold the carrot out in front of the customer, "This next one will be better! All those problems we just never fixed in vers 1 are fixed in vers 2!" Of course version 2 comes with its own different breed of bugs, just as annoying, and those too will only partly be fixed by the patches. Hang tight, here comes version 3! This time we promise we'll have all the features working that we introduced in version 1 (that were completely broken token offerings) when you bought it.
Yes, I'm a little bitter on the subject. For the most part it's a scam. Bait and switch if you will. Buy our product today and maybe tomorrow it'll work as advertised. Why do we put up with it?
I work for the Department of Redundancy Department.
I guess I see it both ways. Things can definitely be improved, but we can never reach the quality levels of other engineering or scientific fields. It is good that tools such as UML and design patterns are finally reaching critical mass, but we've seen enough silver bullets to know that new tools aren't the answer. There needs to be real changes in the software development life cycle, on both sides of the fence (business and technical). In most engineering fields, the cost of the engineering is a small fraction of total project cost. Not so in Software Engineering, where the marginal cost to replicate copies is zero. One could argue that software designs are to programmers as blueprints are to construction workers, but that would be a damn expensive design. It is intuitively obvious that modification of a bridge design after construction has begun is going to be very expensive. Some business folks (and some developers) do not understand the cost of scope creep in software, both in terms of rework and loss of design integrity. In most science fields, the most important skill is probably the ability to make verifiable predictions. Developers who really understood Computer Science would never blame "data corruption" during integration testing like they were accusing an unslayable mythical beast -- they would look for the root cause. If they seriously applied the scientific method in their work, they would take notes -- they would comment their code and SCM checkins, they could determine which changes were installed to QA before some bug appeared.
Someone made a comment about how if you build a bridge and it falls you can be held liable, but with software you just attach an EULA that says you shall not be held responsible.
What is really being said with such EULAs is that the software industry is still using roman numerals to do alchemy, or in other words, they don't know what the fuck they are doing well enough to take greater responsibility. And unfortunately lack of responsibility has become such an acceptable norm that there is a notable reduction in the motive to figure out a better numbering system to do math with and get to the hard science of chemistry.
The problems resulting in the lack of such effort are much wider spread than what this oracle article is about. The problem is showing up at the patent office as well in dealing with software patents, which shouldn't exist. Not if you are doing the math right and have abstraction physics being recognized and applied.
But instead what is going on is piece work, patch work or "well this little part works"....which-craft is it?
Given what Oracle's problem _is_, probably what they _really_ want isn't regulation of the "you must prove that your software passes this and that criteria to be allowed to sell it." (Which would also raise entry barriers for competitors.) I mean, really, if you were a company which takes five fucking _years_ to bother patching a security hole, and even then only when an exploit was widely publicized, you're not going to ask for a regulation that'll ask you to pull the product off the market until you fix it.
The kind of regulation they want is more like "you're an evil irresponsible hacker and going to jail if you disclose bugs in someone else's product." Yes, it's security by obscurity. But that way Oracle can happily spew bullshit about being secure and unbreakable, and never have to fix any bugs.
Basically Oracle doesn't give a shit if Corporation X's database is riddled with bugs and exploits. They just don't want the PHB's at Corporation X to know about it.
If it also results in some entry barrier, all the better, but that's not the main goal.
A polar bear is a cartesian bear after a coordinate transform.
Friends don't help friends install M$ junk.
To get it right the first time?
We know that will never happen. I mean, to get it right the first time requires months or even years of beta testing using a very LARGE user base in order to get all the quirks and holes and issues out of the system.
It is arrogant to assume that ANY group of programmers can get it right the first time while developing software, and it's not to discredit the quality of programming they are offering. Management is largely at fault for why software products fail to work right out of the box. Management decides when a product is shipped, what features go into the product, and ultimately, at what point a product has few enough bugs to be shipped.
I think it is laughable that an Executive at some company thinks patching is wrong. Most likely, she has been responsible for some problems and boners at Oracle that have required patches or updates.
Software has become too complicated to ensure you have the perfect build being shipped for sale. You can't take a multi-million line application and expect it to work perfectly in the dynamic environment that is an end-user's computer. You can't anticipate that the end user might install some other software that might enable a security hole in your own, you can't anticipate that hackers might find a way into your meticulously crafted security protocols. You simply cannot anticipate what will happen to your software the moment it leaves you build box. A GOOD company will release stable and secure software, but ensure that ANY unanticipated issues are patched quickly. This is SIMPLY the NATURE of the game.
Adding regulation to software development will destroy the industry, period. If it requires a 3rd party to review the software and test it before it gets a stamp of approval this will unnecessarily add months or even years more to the development cycle. Any government regulatory board will be swamped with numerous pending software releases, and they won't be able to handle the sheer quantity of software being released. Also, a regulatory board, even made of highly trained software engineers, will not be able to fully understand every piece of software they are given to test. Unlike a Civil Engineer whose building techniques were literally set in stone thousands of years ago, software engineering is forever changing and adapting; a single person cannot keep up with all the new concepts implemented in software design. In the end, a software regulatory board will be even less effective than the current mentality of software patching, because in the end, the regulatory board will put their seal of approval on a faulty product giving end users a false sense of security. Patching that product will take months because the patches will have to go through the same regulatory process.
It is arrogant for CSO Mary Ann Davidson to make wide sweeping comments about the state of security and quality in the software industry. Oracle isn't standing at the head of the field with perfect software. Look for Oracle Security Patches in Google and you will find pages and pages of links patching Oracle's products. If you are frustrated with the patching mentality, clean up your own house. ANY company offering better quality and more secure software right out of the box will be recognized quickly and will quickly rise to the top in success. But you can't yell from the gutters that things need to improve without looking around you and realising where you are.
I haven't thought of anything clever to put here, but then again most of you haven't either.
Questions get asked... but when it comes to women & managers... there is really only one "right" answer.
Anything else, and you are a nay-sayer or "not a team player."
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
Oracle is the last company that should be complaining about patches. Not only are they slow to address specific security holes, but they are constantly releasing patches! My biggest customer that I consult at spends at least a week every quarter on just the patching of Oracle.
A slip of the foot you may soon recover, but a slip of the tongue you may never get over. -Benjamin Franklin
One almost insurmountable problem that software developers face is that software has to be perfect in order to work. Bridge builders don't have this problem; if a rivet isn't positioned properly, other rivets serve as backups. Developers can't write a backup subroutine that kicks in if the first one fails.
Another problem: a software company that tests and re-tests until all bugs are eliminated will quickly go out of business. Other, less picky companies will get their software out first and capture the market.
Given these difficulties, it's no wonder that there are problems with software.
A lot of people have made quite a few good points already, so I'll just chime in with one I haven't seen yet: software will never be regulated (at least not in the near future).
Why? Because despite their comments to the contrary, execs and managers don't want regulation. Why? Because regulation and enforced quality control, as in civil engineering, would wrest control of software development from managers, and place it in the hands of professional, certified engineers that would be entrusted and liable for product quality.
Managers and execs don't want to lose their control, and they don't want costs to quadruple (as they no doubt would to ensure sufficient robustness). They want rapid development schedules, and they want control over how and what gets developed. To a certain extent, this is inevitable as the software market fluctuates far more rapidly than the civil industry; no one is looking for the next bigger and better bridge or building every 6 months. Software is often superceded many times a year.
Higher Logics: where programming meets science.
This is very ironic coming from Oracle, since Oracle Apps sets the standard for "patching hell".
Rather than making regulations that force companies to release a patch X months after an exploit is found, software companies should instead be held liable for actions of gross negligence or incompetence. For example, not employing whitelists, poor privilege separation, running a ton of unneeded services by default, etc.
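Two posts in this thread make the same engineering point from different angles: the earlier one about having to check data on the way in (nobody stops a user putting a gigabyte into a bool field) and check it again when it comes back out of storage, and this one listing "not employing whitelists" as negligence. The following is an added illustration, not code from any poster or from Oracle: a small Python allow-list validator that is applied at both trust boundaries of a toy record store. The schema (`username`, `admin`), the size cap and the in-memory `RecordStore` are all assumptions made for the example.

```python
"""Allow-list validation on write AND on read (added example, not from the thread)."""
import json
import re

# Assumptions for the example: two fields, a hard cap on field size, strict bool parsing.
MAX_FIELD_BYTES = 256                       # reject oversized input before parsing it
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_]{2,31}$")   # allow-list, not a deny-list
BOOL_LITERALS = {"true": True, "false": False}


class ValidationError(ValueError):
    """Raised for any value that is not explicitly allowed."""


def parse_bool(raw):
    """Strict boolean: a real bool, or exactly the strings 'true'/'false' (any case).
    'yes', '1', '' and a gigabyte of junk all fail the allow-list."""
    if isinstance(raw, bool):
        return raw
    if isinstance(raw, str) and raw.lower() in BOOL_LITERALS:
        return BOOL_LITERALS[raw.lower()]
    raise ValidationError("bool field must be 'true' or 'false'")


def parse_username(raw):
    """Usernames must match the allow-list regex; nothing else is accepted."""
    if isinstance(raw, str) and USERNAME_RE.match(raw):
        return raw
    raise ValidationError("username must match ^[a-z][a-z0-9_]{2,31}$")


# Hypothetical record schema for the example: field name -> strict parser.
SCHEMA = {"username": parse_username, "admin": parse_bool}


def validate_record(raw):
    """Return a clean dict or raise. Unknown fields, missing fields and oversized
    values are all rejected before any per-field parser sees the data."""
    if not isinstance(raw, dict):
        raise ValidationError("record must be an object")
    unknown = set(raw) - set(SCHEMA)
    if unknown:
        raise ValidationError(f"unexpected field(s): {sorted(unknown)}")
    missing = set(SCHEMA) - set(raw)
    if missing:
        raise ValidationError(f"missing field(s): {sorted(missing)}")
    clean = {}
    for name, parser in SCHEMA.items():
        value = raw[name]
        if isinstance(value, (str, bytes)) and len(value) > MAX_FIELD_BYTES:
            raise ValidationError(f"{name}: value too large ({len(value)} bytes)")
        clean[name] = parser(value)
    return clean


class RecordStore:
    """Stand-in for a database or file. Anything in `_rows` is treated as untrusted
    once written, because other code paths (or an attacker) may have altered it."""

    def __init__(self):
        self._rows = {}

    def write(self, raw):
        rec = validate_record(raw)              # boundary 1: data coming in
        self._rows[rec["username"]] = json.dumps(rec)
        return rec

    def read(self, username):
        blob = self._rows.get(username)
        if blob is None:
            return None
        try:
            raw = json.loads(blob)
        except ValueError as exc:
            raise ValidationError("stored record is not valid JSON") from exc
        return validate_record(raw)             # boundary 2: data coming back out

    def tamper(self, username, blob):
        """Simulates storage corrupted or modified behind the application's back."""
        self._rows[username] = blob


if __name__ == "__main__":
    store = RecordStore()
    print(store.write({"username": "alice", "admin": "false"}))
    store.tamper("alice", '{"username": "alice", "admin": "1"}')
    try:
        store.read("alice")
    except ValidationError as e:
        print("read rejected:", e)
```

The point of re-running `validate_record` in `read` is the "porridge" case from the earlier post: the fact that a value passed the check when it was written says nothing about what is in storage now. The example uses a kilobyte rather than a gigabyte to stand in for the oversized-bool case; the size check fires before any parser touches the payload, so the cost of rejecting it does not scale with its size.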
That pretty much sums up your argument. Hindsight is always 20/20. What you seem to be missing is that the effort to find *some* of the bugs, before they actually manifest themselves, is prohibitive, so saying that because bugs happen in the future that means they are fixable in the present, is a childish oversimplification at best.
I'd really love to see what politicians are going to do to improve software quality.
No Sigs!
The largest program proven correct with respect to its specification is 140000 lines, which is 'tiny'. Anything larger contains a defect; if you fix it, it still contains another defect.
Software on public Internet has to be fixed, otherwise the defect will be found and exploited. Generally not to the bill-payer's liking. You have to have someone who can diagnose the problem and make the change to correct it.
Main problem is, not enough kids are learning how to program computers. Requiring a 'computer programming licence' is going to get in the way of 'computer literacy'. Threatening people with jail and financial ruin likewise.
Bridges aren't engineered to last forever. They have design lifetimes, too.
Commercial software should be regulated by applying customer protection standards, like in the case of any other product: regulation should restrict commercial software makers' "right" to refuse liability for their products.
On the other hand, Open Source software can not and should not be regulated the same way: you get it for free, you are not really a customer. Standard customer protection principles don't apply.
How in the world was the GP modded +5 insightful?
By the GP's logic, regulation of the industry will either help, or won't hurt, Open Source at all. That is obviously absurd. Take, for example, a completely unregulated developer, outside the U.S., in Finland who decides to create an Operating System called Linux. It strikes me that any regulations here on Operating Systems would prevent many businesses from deploying it, and thus limiting its adoption (particularly on servers) significantly.
This is what the closed source companies would like. And was the original point before the GP took the subject off on a different tangent.
The best way to predict the future is to create it. - Peter Drucker.
I thought she was spot on with her comments. It seems like the /. programming crowd just doesn't want to hear it.
There are way too many programmers/developers that think that they can code, and they just can't code that well. Too many other developers have to spend time cleaning up their code. Managers think that all people code as good as each other and don't allow time for bug fixing.
Programming in C and C++ also hurts products because a good chunk of programmers are not skilled enough to use these. They leave bugs and holes in their code. They need to move to Java or C#, etc. more suitable to their high level skill set.
It's almost like people are saying & acting at being accountants and lawyers without any real training, standards or guidelines.
Eventually there will need to be a professional qualification before touching low-level code, if code is going to be all important in our future.
Imagine if Oracle was in the business of building bridges, would the bridge roll-me-back from the dead if it collapsed, because a bird put a nest on the wrong pillar?
--
Seriously though, I think this lady should stick to 'regulating' her company and leave the rest of the software world alone. Let her regulate the tight deadlines, the feature creep, the useless management, the 'do it by yesterday at any cost' mentality. I think if she tried doing that, she would better understand exactly what really needs to be regulated.
You can't handle the truth.
Mars Rover, mars schmover. For real quality code, you want to look at NASA's stuff from the 60s/70s. Voyager being possibly the ultimate in keeping going no matter what (very useful fallback behaviour when components fail, for example).
And I believe they did release the source to that. I think my g/f said that she had seen a copy a few years back. (But maybe she's a leet haxor dudette, and snarfed it clandestinely?!)
FatPhil
Also FatPhil on SoylentNews, id 863
It is honestly impossible to come up with more fluff than this Mary Ann Davidson. Talk about sounding like a politician and having nothing of substance to say on the technology front. "chief executives who are complaining that what they are getting from their vendor is not acceptable, in terms of software assurance," Davidson said. Mary Ann, where were you in 2000, 2001, 2002, 2003, 2004 and 2005?
Not sure about anyone else, but I definitely saw "patches" on my street while going to the store... There are quite a bit of em, all those pot holes, and also numerous cracks from semi-trucks. Yeah our roads are surely "bug" free, and "patch" free. Civil engineering projects not needing patches doesn't really make sense when you start to look at how our roads actually are and how often we complain about them.
All that needs to happen to cure the problem is the removal from the industry of the protection it seems to have built up against incompetence and faults. In no other industry will consumers put up with companies in effect saying "whatever happens it's not our fault, and anyway because you opened the box you absolved us of any possible liability", i.e. make EULAs illegal rather than just unenforceable. The USA needs a system like the UK and most of Europe where you cannot remove certain basic consumer rights, such as 'fitness for purpose', through any agreement.
Testing all possible combinations of states would take unimaginably longer than the lifetime of the universe, so requiring that kind of testing would guarantee that no software ever got released, thus completely protecting us against new bugs.
"you wouldn't get on a plane built by software developers"
lol. Every modern plane is developed using CAD and most have computerized instruments now.
the correct statement is
"you wouldn't get on a plane built by oracle"
Used to be, that described Americans just as well. It's a shame we've become such sheep that the stuffy old British
It isn't particularly convenient this way, but takes 5 minutes and you only download each once.
This is facilitated by a link off of the homepage of one of the largest usergroups, HAL-PC.org
Critical Updates
When Microsoft goes !Live! with just Windows web Update ... Voila, it's not a patch anymore.
There _are_ ways to:
1. Design a program defensively. E.g., if you make a habit of checking your parameters and border conditions every single time, instead of coding some clever speed optimizations, you'll have a lot fewer bugs. Sure, you may be sure _now_ that you'll only call that method with the right parameters (e.g., never with a null pointer), but you'll never know what someone else does with it 6 months from now.
2. Use test cases and really check their coverage. (I.e., be sure that each reasonable branch in the program is taken at least once.) While they can't 100% prevent you from coding bugs right now, they _can_ prevent you from doing a change 6 months from now that breaks something else.
3. Prove the program (or its modules) mathematically correct. E.g., you don't just have to rely on testers finding out that your clever sort function is broken on some weird case, you can mathematically prove that and what the border conditions are.
Unfortunately, yeah, they all require more man-hours and budget. Especially proving it correct can cost a _lot_ more than just letting loose an army of underpaid (or even unpaid) testers on it. Good luck being competitive in the market if you're the guy doing that, and the counter-offer comes from someone hacking together some untested PHP or ASP site with the cheapest guys they could possibly hire.
(Nothing against PHP or ASP. They just have the dubious honour of being thought of as the ultimately easy frameworks that you can just give to a completely untrained guy off the street and have them learn it on the job. Too bad they won't learn good engineering practices or security practices from that exercise, though. It's like giving someone a super-user-friendly drawing program and expecting them to become an architect by just using it. It might eventually happen, but it'll take _years_, if ever, for them to rediscover stuff by trial and error that someone else had a formal education in.)
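An added illustration of points 1 to 3 above (example code written for this thread, not the commenter's own): a first-occurrence binary search that checks its parameters every call, carries its loop invariant as a runtime-checked assertion (the "proof" of point 3), and ships with a case list constructed to take every branch at least once (point 2). The function name and the sample inputs are invented here.

```python
from typing import Optional, Sequence

def find_first(xs: Optional[Sequence[int]], target: int) -> int:
    """Index of the first occurrence of target in ascending xs, or -1.
    Bad input raises instead of silently returning a plausible number."""
    # Point 1: check parameters every time, whatever the caller "promised".
    if xs is None:
        raise ValueError("xs must be a sequence, not None")
    if any(xs[i] > xs[i + 1] for i in range(len(xs) - 1)):
        raise ValueError("xs must be sorted ascending")
    lo, hi = 0, len(xs)                  # half-open search range [lo, hi)
    while lo < hi:
        # Point 3: the loop invariant that makes the result provably right.
        # Every index below lo holds a value < target; every index at or
        # above hi holds a value >= target. Checked on each iteration.
        assert all(xs[i] < target for i in range(lo))
        assert all(xs[i] >= target for i in range(hi, len(xs)))
        mid = lo + (hi - lo) // 2         # not (lo+hi)//2: overflows in C/Java
        if xs[mid] < target:
            lo = mid + 1                  # branch A: discard the left half
        else:
            hi = mid                      # branch B: keep mid as a candidate
    # lo is now the leftmost index with xs[lo] >= target, or len(xs).
    return lo if lo < len(xs) and xs[lo] == target else -1

# Point 2: constructed cases chosen so each branch and border is exercised:
# empty input, single element, duplicates, target below/above both ends.
CASES = [
    ([], 3, -1),                # loop never entered
    ([5], 5, 0),                # single element, branch B only
    ([1, 2, 2, 3], 2, 1),       # duplicates: first occurrence, not any
    ([1, 2, 2, 3], 3, 3),       # last element, branch A then B
    ([1, 2, 2, 3], 0, -1),      # below the lower border
    ([1, 2, 2, 3], 4, -1),      # above the upper border, lo == len(xs)
]

def all_cases_pass() -> bool:
    """Run every constructed case; True only if all results match."""
    return all(find_first(xs, t) == want for xs, t, want in CASES)

if __name__ == "__main__":
    print("all branches covered and correct:", all_cases_pass())
```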
A polar bear is a cartesian bear after a coordinate transform.
I wonder if she's ever dealt with BT?
I had an argument...with the person here at the university that teaches OS design. I wonder when I'll learn --Linus
So much for conservatives being opposed to "big government". I'll bet half the people who would support this are right-wing loonies who only oppose big government when it helps someone else but are the first to prop up regulation when it helps them. Assholes.
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
One man's gash is another man's displeasure.
You mean like that double decker highway that collapsed during an LA earthquake?
That double decker highway that collapsed was in Oakland, and it collapsed during a San Francisco (technically Santa Cruz) earthquake.
I agree with your other points. People do hold software to different standards. Although I also agree with the problem of the "patch mentality". Game manufacturers in particular are doing an awful job lately producing quality software the first time around right now.
http://lkml.org/lkml/2005/8/20/95
A Real Engineer builds the best damn bridge he can, and to hell with the specs. Real Programmers write code the same way. Building to spec is for politicians and PHBs.
Byebye oracle patch day then?
Love the post; it makes some great points! But I'm posting to brag about my awesome bridge. I actually only own the southbound side, due to obscure vagaries of property law, but I'm still proud of it.
It was built no later than 1825 of Brandywine blue granite (the hardest stone found in the immediate area) stacked on the bedrock. Feathermarks on the stone show that explosives were not used to quarry the blocks. It was designed to serve horses and heavily loaded ox-drawn wagons. Sometime in the 1940s or 50s the state came by and black-topped it. It's less than 20 feet wide and the sidewalls are (a lot) less than two feet tall.
Today it carries ten-wheel concrete mixers, 16-wheel moving trucks, constant commuter traffic, and everything else that comes down the road. It has no load limit posted. Sometimes at night local motorcyclists try to hit 100 mph crossing it.
My point, I think, is that everyone should build the best damn bridge they know how. And then, a hundred years or more later, the owners will still be bragging about it. Software's not really so different - do the best you can and tell the PHBs whatever you have to in order to get the job done. Treat the spec as a minimum. People will admire your work and pay you lots of money to work for them. Everybody wins, if you are smart and skilled enough! And if you aren't the smartest or the most skilled, that's no excuse for not doing your best.