[funsec] truth is for Admins

chris at blask.org chris at blask.org
Mon Oct 26 18:18:12 CDT 2009

--- On Mon, 10/26/09, Nick FitzGerald <nick at virus-l.demon.co.uk> wrote:

> Is that really any kind of an excuse for the perpetrators of what is 
> increasingly, and laughingly, called "software engineering" to continue 
> to execute the extremely crappy "art" that is still their stock-in-
> trade, despite decades of "whoops, we should have seen that
> coming"  history?

> "No-one gets killed by our shite software so it's pretty much OK".

I'm fairly certain that's exactly not what I said.  

Look, designing a security system for a given large network that at all times accounts for every single possible combination of the manifest imperfections of both users and non-security engineering activities would require - in my estimation - systemic advances akin to those required to fully automate and render accident-proof (not "accident-resistant") the national highway system.  That would mean: rendering each vehicle (end device) redundantly independently fail-safe from accidental, intentional and incompetently dangerous behavior; making each road and intersection (network segment and connectivity device) fully aware of all contingent traffic conditions and their implications and able to communicate with and enforce behavior of all pertinent vehicles; management systems (management systems) that are both holistically capable of comprehending the totality of the past and present states of the highway system and simultaneously incapable of issuing any incorrect directive to any part of the system at any time, even when compromised.

Such traffic systems will, in the end, come into existence.  I just wouldn't hold my breath (or anything else) waiting for them.

The point is not that it is OK to build shite cars (or software), the point is that we will have to do the best with what we have despite the shortcomings we are presented with at any time.  That will include engineering the best solutions we can, providing the best training we can, putting anti-phishing slogans on coffee mugs and doing whatever else we can think of.

Finally, I specifically did not say "No-one gets killed by our shite software", or that that would be "pretty much OK". Shite software does in fact kill people in some rare cases even today, and we are more and more moving into a world where shite software (and shite implementations) will increase the risk of - as well as the actual occurrence of - people being killed by computers.  There is specifically nothing "OK" about that.  However, there is nothing "OK" about people dying in cars, either (including the cars that will increasingly kill people due to shite software in them).  But until the aforementioned flawless cybernetic traffic system is completed (after I am well dead and buried) those who choose to attempt to limit death in motion will have to live with the fact that they will be experiencing non-zero failure rates.

So will we.
