Now something completely unrelated to VoIP: Reason behind all vulnerabilities in software! I read an article that explained how vulnerabilities are basically created by the fact that people tend to drift from good development principles into practices that are just simply Fun. The engineers among us know that software development can be enormously interesting, something you would happily even do in your leisure time. But can fun be converted into reliable software?
The Article That Made Me Think
"Software vulnerability due to practical drift", article by Christian V. Lundestad and Anique Hommels (2006) attracted my attention because they had cited my old journal article published in the very same publication several years ago. I read it immediately when I received a copy. It had a very different perspective to software vulnerabilities than what I was used to. I wanted to share my thoughts with the rest of you, hoping that you would express your opinion on the topic (comments are welcome!).
The Reason For Vulnerabilities - Take One
I have tended to first divide vulnerabilities in the three basic categories leading to the creation of the vulnerability, based on the phase of introduction: design flaws, implementation flaws, and configuration/integration flaws. Design flaws are mistakes in the principles on how software should work (e.g. understanding customer need and software complexity). Implementation flaws are simple programming errors either due to ignorance, rush, missing quality assurance steps. Finally configuration flaws are mistakes in deploying the software.
Design flaws and configuration flaws are basically always created because of lack of communication between parties involved. Implementation flaws are almost always simple typing errors, or created due to bad skills in programming. Configuration is often a usability issue. Quality assurance techniques try to find all these, but are almost always lacking because of the time-to-market requirements, and bad finances in R&D (lacking QA budget).
The Reason For Vulnerabilities - Take Two
Good software development practices do not create vulnerable software. If strict processes and development techniques are used, there would not be any software vulnerabilities. The reason for vulnerabilities is the deviation from the right path. Strict software development principles are not always fun, and software developers want to have fun at work.
Still, the flaws are created by people. "Hackers" are never good R&D people, and good managers know that. They are good at fast prototyping, and in project management where they are allowed to innovate. Good R&D people are tinkering people, who are interested in small details and quality. A good project is created by combining the best skills of each involved person.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
