--- On Mon, 10/26/09, Nick FitzGerald <[email protected]> wrote:
> Is that really any kind of an excuse for the perpetrators of what is
> increasingly, and laughingly, called "software engineering" to continue
> to execute the extremely crappy "art" that is still their stock-in-
> trade, despite decades of "whoops, we should have seen that
> coming" history?
> "No-one gets killed by our shite software so it's pretty much OK".
I'm fairly certain that's exactly not what I said.
Look, designing a security system for a given large network that at all times
accounts for every single possible combination of the manifest imperfections of
both users and non-security engineering activities would require - in my
estimation - systemic advances akin to those required to fully automate and
render accident-proof (not "accident-resistant") the national highway system.
That would mean: rendering each vehicle (end device) redundantly independently
fail-safe from accidental, intentional and incompetently dangerous behavior;
making each road and intersection (network segment and connectivity device)
fully aware of all contingent traffic conditions and their implications and
able to communicate with and enforce behavior of all pertinent vehicles;
management systems that are both holistically capable of
comprehending the totality of the past and present states of the highway system
and simultaneously incapable of issuing any incorrect directive to any part of
the system at any time, even when compromised.
Such traffic systems will, in the end, come into existence. I just wouldn't
hold my breath (or anything else) waiting for them.
The point is not that it is OK to build shite cars (or software), the point is
that we will have to do the best with what we have despite the shortcomings we
are presented with at any time. That will include engineering the best
solutions we can, providing the best training we can, putting anti-phishing
slogans on coffee mugs and doing whatever else we can think of.
Finally, I specifically did not say "No-one gets killed by our shite software",
or that that would be "pretty much OK". Shite software does in fact kill people
in some rare cases even today, and we are more and more moving into a world
where shite software (and shite implementations) will increase the risk of - as
well as the actual occurrence of - people being killed by computers. There is
specifically nothing "OK" about that. However, there is nothing "OK" about
people dying in cars, either (including the cars that will increasingly kill
people due to shite software in them). But until the aforementioned flawless
cybernetic traffic system is completed (after I am well dead and buried) those
who choose to attempt to limit death in motion will have to live with the fact
that they will be experiencing non-zero failure rates.
So will we.
-chris
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.