[NTLUG:Discuss] Washington Post article

Chris Cox cjcox at acm.org
Thu May 23 18:03:40 CDT 2002 

Warning: passionate responses within...

Ward Networks wrote:

> Monty,
> 
> A little balance here amigo?I can see that you are passionate with this 
> subject but ALL code is equally vunerable, I have specific engineering 
> applications published in 170 countries ? there have been clever 
> individuals from 5 continents whom I have worked with over the years 
> that can penetrate just about any situation you can rig together with 
> any OS. MS gets more attention because it is the prevelant system in 
> place today?as Linux becomes more prevelant in the market place, you 


This has been the current line of "higher" thinking going around.
However, the argument is fundamentally wrong.  Free (that is in
terms of source) software is examined by much more people than
proprietary software and having managed QA for one of the top 10
SW companies in the world, I can tell you that quality increases
as bugs are discovered... not covered (which seems to be Microsoft's
mantra).

The more bugs you find... the better my code will be vs. Microsoft's,
please do not mention the bugs philosophy.

> will see the same vunerability learning curve that MS has been 
> consistantly dealing with as more people out there decide to hack the 
> Linux system.  The plus side of the situation is that many more people 
> will be detecting and closing the loopholes on the Linux side but the 
> professors statement is thouroughly correct, there is no silver bullet 
> with Linux or any other system availbable today.


Bring them on!  Hack Linux... hack it a alot!  Please try to find
every conceivable bug in the kernel and supporting packages!  Let's
build the biggest QA staff ever! (have I made my point yet?)

If you want a silver bullet, you've got to allow everyone the ability
to examine every aspect of what you are doing.  Community developed
free software should beat commercial products in almost every situation
(the ones that are off limit due to patents excluded... sigh).  I
have not meant too many developers that were capable of writing code
that NO ONE could possibly comprehend... there are always people that
are better, or at least on peer level that probably should look
at ones code.

Good testers are hard to find, even when looking specifically for
that type of person.  I find that a good tester often times doesn't
even realize that they have the knack for finding problems.  And
unfortunately in our world of "corporate SW", we have declared
testing to be the field of pursuit for those who could not attain
the higher state of being called "SW developer"... thus, no one
wants to pursue the art of improving SW quality.

With free source software, everyone has the opportunity to be a
tester, a fixer, an experimenter, an analyst, a documenter, etc.
And... you're more likely to find a truly motivated "employee".

> 
> My personal viewpoint is that the government should use Linux because I 
> would like them to use less of my tax dollars but the issue is of little 
> difference from a technical perspective.


Yes... $$$, this is also a valid point.... and technologically, yes,
there are similarities, but the model of development is radically
different and I think quality comes from enabling people instead of
disabling them.

My two cents,
Chris

More information about the Discuss mailing list