[kwlug-disc] Security arguments

L.D. Paniak ldpaniak at fourpisolutions.com
Wed Sep 23 15:58:54 EDT 2009


Khalid Baheyeldin wrote:
> 
>     0. Everybody starts out as a newbie.
>     1. Newbies make mistakes and (by definition) don't understand every
>     nuance of their programming/sysadminning environments.
>     2. Therefore, mistakes will be made.
> 
>     This has some implications:
> 
>     0. If you expect your programmers and sysadmins to go through hoops to
>     make their code secure, then there will either be a lot of insecure
>     code or there won't be any newbies (so your language will die).
> 
> 

There is implication 0.5:

If you make your code absolutely secure at the cost of making it too
hard for newbies to use, then no one will be able to afford software
developers. Or software.

Windows 8 would cost $500 for the upgrade version and there would be a
lot fewer open source projects in the world.

As with anything, it is a cost-benefit balance.  You could spend 3 years
debugging your code and make sure it is airtight, or you can get it out
the door today and get your paycheque.

What is security worth to you in time and $$? That is going to determine
how secure your code or website is.