At 07:27 AM 4/29/2014, d...@geer.org wrote:
| Mechanical Engineering ... Electrical Engineering ... Civil
Engineering ...
| these all are formal disciplines where one may obtain a license stating
| that they know how to apply the principles of the domain of study. If you
| screw up and something fails, it comes back to you in full legal regalia.
|
| Software "engineering" has never been such, and while I do recall studying
| formulas, performing experiments, etc. back in school for things like
| database or graphics performance, there was no formal study of
the way code
| is assembled. Anyone who could make a program that satisfied the criteria
| of the assignment got credit.
Would you go so far as to call for product liability?
--dan
Few physical goods vendors are liable for damage inflicted on their
products by acts of vandalism. There's a reason why the vending
machine at the train station looks and costs differently from a home
espresso maker, or a bus seat from a leather recliner.
I do agree that we are a far cry from engineering. I found the
following story interesting and quite relevant to security work.
http://www.science.smith.edu/~jcardell/Courses/EGR100/protect/reading/59StoryCrisis.pdf
One thing that it made me reconsider is the adage that "security is
everyone's responsibility." Realizing that metaphors have limits, it
occurred to me that in construction structural integrity is not
everyone's responsibility. It is the responsibility of the
structural engineer. Carpenters and metalworkers have to stay
faithful to the plans, but do not need to fully understand the
calculations behind them. Architects need to be conversant in the
field, but still need a real structural engineer to perform the design work.
-Alex
_______________________________________________
langsec-discuss mailing list
langsec-discuss@mail.langsec.org
https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
