It took me about 2,000 words to describe the security architecture overhaul that companies need to perform, yet Anderson and Moore describe the key bits in 3-4 sentences:
Conflict Theory: Does the defence of a country or a system depend on the least effort, on the best effort, or on the sum of efforts? The last is optimal; the first is really awful.
Software is a mix: it depends on the worst effort of the least careful programmer, the best effort of the security architect, and the sum of efforts of the testers.
Moral: hire fewer, better programmers; more testers; top architects.
The case for better programmers and top architects has been made. With regard to testers, the point is perhaps less well understood: it really amounts to the combination of test effectiveness and risk. Static analysis tools make for highly effective tests on a high-risk area (software security). Many security tools do not scale; static analysis does.
I don't disagree with the prescription, and use it myself. But it leaves many questions open.
If everyone searches for fewer better programmers, what happens? Can you identify for me the top architects? How would you advise a manager to do that? How do we encourage a rise of the testing profession? If testers have to wait for code, and coders have to wait while it is being tested ... isn't there a clash here?
Posted by: Iang | November 26, 2007 at 05:12 AM