Subject: Re: [SC-L] How do we improve s/w developer awareness?
Date: Thu, 2 Dec 2004 12:52:35 -0800
Precedence: bulk
Mailing-List: contact <[EMAIL PROTECTED]> ; run by MajorDomo
List-Id: Secure Coding Mailing List <sc-l.securecoding.org>
List-Post: <mailto:[EMAIL PROTECTED]>
List-Subscribe: <http://www.securecoding.org/list/>
List-Unsubscribe: <http://www.securecoding.org/list/>
List-Help: <http://www.securecoding.org/list/charter.php>
List-Archive: <http://lists.virus.org>
Delivered-To: mailing list [EMAIL PROTECTED]
Delivered-To: moderator for [EMAIL PROTECTED]

I think we also have to realize that bridge building has had centuries of 
time to evolve, and learn from its mistakes. Secure software engineering as 
a discipline is still in its infancy. I would love to see the quality of 
bridges in its first 50 years of development.

That's of course no excuse for the current state of software development. 
But comparisons like this are like statistics... 86.12345% of them are made 
up, or have no sane correlation.

----- Original Message ----- 
Sent: Thursday, December 02, 2004 8:25 AM
Subject: Re: [SC-L] How do we improve s/w developer awareness? 

>I have to say I find your comparison between bridge engineers and software
> engineers rather troubling.
> In response to your question:
>  'Would you accept "it was too hard to do a stress analysis" from the
> engineer designing a bridge?'
> I think, regrettably, we probably would do these days.
> Remember that little incident in 2000 when the London millennium bridge 
> was
> closed immediately after opening due to excessive wobbling when people
> walked across it? I can't guarantee that my recollection is accurate, but
> I'm sure they were trying to put this down to that software classic, a
> 'Design feature'.
> Seems that far from Software Engineers taking the bridge engineers
> approach, we may be seeing the exact reverse happening. :-)
> --
> Graham Coles.

Reply via email to