[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-id: <458BB19E.23297.B0A4AA54@nick.virus-l.demon.co.uk>
Date: Fri, 22 Dec 2006 10:21:18 +1300
From: Nick FitzGerald <nick@...us-l.demon.co.uk>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [WEB SECURITY] comparing information security
to other industries
Jason Muskat, GCFA, GCUX, de VE3TSJ wrote:
> People, programmers, computers, software, design patterns, systems, and
> infrastructure are constantly changing, often being reinvented. As such,
> will never be stable.
>
> Concrete of a type is always the same and therefore predictable. One can
> state with certainly that a concrete slab will perform to design. This will
> ever be possible in IT.
>
> Many commercially produced software products donĀ¹t have any warranty. Many
> even state that the software is not warranted for any function or purpose.
That's _because_ software makers argued long and hard for a special
exemption from most standard producer liability regulations and laws,
and in many cases also for protection from consumer protection laws.
They made this argument mainly along the lines you opened your comments
with -- "everything is so complex and forever changing that if we had
to do proper design, specification and testing we'd never produce
anything and meeting those normal legal requirements would make
everything ever so much less innovative and slower and only the very
largest companies could ever afford to even think about writing
software".
This -- particularly the "cost will bury us" part -- is _still_ the
main argument the OSS folk make against any and all suggestions that
software liability rules should be tightened up.
Thus, as NOT providing such guarantees is legally sanctioned, you
cannot really use it as an argument supporting the "any old slop we put
on the disk will do" approach we have sufferred from for far too long.
> ... The fact that the software does something that one thinks it should do
> is incidental.
Yep.
Given you seem so strongly in favour of the current "couldn't really
give a shit" view of software "quality", you'll be rushing to sign my
petition requiriung all university and other educational courses in
"computer science" to change their names to "computer art & craft" or
"computer guesswork" or something similarly accurately describing their
professional endorsement of hit-and-miss, slop it all in a bucket then
pour it through a compiler we especially dumbed down to not give a rats
arse about quality approach, and for "software engineering" courses to
similarly remove their abuse use of the term "engineering"...
Regards,
Nick FitzGerald
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists