(no subject)
May. 13th, 2002 11:48 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
davidschrothI worry, sometime, about the future of my chosen profession. I write operating systems for a mainframe computer (not IBM mainframes, FWIW). Many years ago, after a major investment of time and money, our OS was evaluated as being B1 secure. Since that time, we have RAMPed the OS at least twice (and possibly more times than that, I don't recall). Security was (and reputedly still is) very important to us and our customers.
So, last week (or maybe the week before), the guy who is the security guru comes before our design review board with a proposal for a new design. A design for a new security feature.
The design is, IMO, a disaster. There are security holes in the design that one could drive the Queen Elizabeth II through. Really, really glaring holes.
So the question is raised "Why are you proposing this design?" And the answer given is that middleware writers find it too hard to use the existing security, they want us to provide the same kind of security features as Microsoft.
Which somewhat misses the point of security, as best I can see.
And I'm afraid that this is the future in my profession - software developers will (successfully) demand lower quality from the lower level software, so they'll have an easier time delivering software that has almost as many unnecessary features as it has bugs.
And I'm not really close enough to retirement age.
So, last week (or maybe the week before), the guy who is the security guru comes before our design review board with a proposal for a new design. A design for a new security feature.
The design is, IMO, a disaster. There are security holes in the design that one could drive the Queen Elizabeth II through. Really, really glaring holes.
So the question is raised "Why are you proposing this design?" And the answer given is that middleware writers find it too hard to use the existing security, they want us to provide the same kind of security features as Microsoft.
Which somewhat misses the point of security, as best I can see.
And I'm afraid that this is the future in my profession - software developers will (successfully) demand lower quality from the lower level software, so they'll have an easier time delivering software that has almost as many unnecessary features as it has bugs.
And I'm not really close enough to retirement age.
