[Sigia-l] By design or by test?

Boniface Lau boniface_lau at compuserve.com
Fri May 9 19:39:59 EDT 2003


> From: sigia-l-admin at asis.org [mailto:sigia-l-admin at asis.org] On
> Behalf Of Listera
>  
[...]
> You just can't make up stuff like this. It's beyond Security Design
> 101. If the level of commitment and foresight *while* designing
> software is this low,

Whoever is developing the software might very well be hacking, instead of
designing. In that case, all bets were off. Time to be reminded of Paul
Graham's observation (http://www.paulgraham.com/hp.html):

PG> Only a small percentage of hackers can actually design software


> there just isn't any amount of testing that can expose the full gamut
> of flaws that will surely ensue. So yes, first get yourself 200
> million captive users, test often and test again on Tuesdays. What a
> racket!

Hacking produces results laden with defects. As a bandage for the
symptom, some people do ongoing testing. But ongoing testing
encourages hacking, instead of designing. Thus, a vicious circle.


Boniface


