funsec mailing list archives

Re: Certs [was Re: Presidential Internet Kill Switch]


From: Jon Kibler <Jon.Kibler () aset com>
Date: Mon, 28 Sep 2009 13:14:07 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

der Mouse wrote:
I think in the long run, we're going to end up looking more at
certification in the sense that CivEs or EE's look at it - something
like professional engineering certification.

I doubt this will happen until and unless the field matures enough that
it's fair to treat it as an engineering discipline rather than a
creative art.

That, I'm not sure will ever happen.  (I'm also far from sure it won't,
too, though.)


The problem is not that we lack the knowledge of how to engineer software,
rather, the problem is that we choose not to properly engineer software. Why?
Here are some of the reasons that immediately come to mind:
  -- There is too much pressure to "get to market" rather than to do a proper
engineering job of requirements definition, functional specification,
architecture specification, detailed design, source code reviews, and extensive
testing. (I worked on properly engineered DoD systems in the 1970s which were in
the 10s of MLOC size, and delivered to the customer with less than a dozen known
bugs.)
  -- Too many software engineers do not want their "creativity stifled" by
design specifications, coding standards, peer reviews, etc. (I remember teaching
requirements engineering to a bunch of systems engineers and software architects
back in the mid 90s. One of the senior architects asked "Why do we need all of
this paperwork bull s***, we have a good idea what the customer wants, why can't
we just start writing code instead of doing paperwork?")
  -- Software quality and security currently do not carry any legal liability,
so management is concerned with neither. If you engineer a bridge and it falls
down, you have liability. If the bridge falls down because of faulty design
software, the software maker has no liability. Until this picture changes, and
software carries product liability requirements, we will never make software a
successful engineering discipline.

My $0.02 worth.

Jon Kibler
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-813-2924
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkrA7t8ACgkQUVxQRc85QlMicgCeNrG/fK16BaMTXoSpwWS7FKv3
MewAnRM7h5bIanQFGsFd0xZwSzW6LfUi
=W490
-----END PGP SIGNATURE-----





_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
