I re-read Marcus Ranum's "six dumbest ideas in computer security". I had already read it in the past, but a colleague referred to it, so I went through the page again.
While Marcus Ranum's cynical ideas certainly have a core of hard truth in them, I don't agree with all of them. One of his key ideas is that instead of patching and chasing security issues after the fact, a system should be designed to be safe in the first place. The focus should be on good engineering, not on hacking and patching afterwards.
I agree that this is the root cause of all evil. If every programmer, software engineer and architect designed his software or system from the ground up in an absolutely secure way, thinking about every attack vector, we would be better off. For the sake of argument, let's even assume that these securely designed systems would be usable and would not fall into the usual security-versus-usability trade-off trap. This would be great, don't you think?
For clarity, I do believe that programmers need to be educated about these issues and that we need to raise awareness in order to design better software. However, I don't believe the problem will ever be solved. The reason for this is not technical or educational but economic.
When I was studying, my economics professor said that there are a few reasons why a company could go bankrupt, and some of the most important ones, according to him, were bad management and brilliant engineers (the course was given to future engineers, by the way).
While "bad management" (this includes project definition and planning) is an obvious one, "brilliant engineers" is not. Imagine a manufacturer whose brilliant engineers have the technical ability to design and manufacture a product that is innovative, feature-rich and would last a lifetime before failing. Take a car, for example. Imagine they could engineer the perfect car, one which would not break and would require almost no maintenance. The manufacturer would go bankrupt for a few reasons.
First, the unbreakable car would cost the company much more than it could make on sales, as the customer would not want to pay more for a car than he does now (maybe a little more, since it is a perfect car).
Secondly, for the unbreakable cars they did sell, the customer would never return, as the product is already perfect (conveniently taking car crashes out of the equation here).
Now, let's take this knowledge and transfer it to software development. Imagine that a software company employed brilliant developers and that these developers engineered functionally perfect and secure software. It would fail for the same reasons. No one would want to pay more for a perfect OS, and the company would only sell its software once, as it was already perfect. The last point might not hold in the software industry, since new feature requirements and demands are constantly changing, but that brings in another problem: time-to-market and even more development costs.
I do think, however, that there are cases where you need to design your software or operating system to be bug-free, because the risk of insecurity is unacceptable. Take the space shuttle, for example. You would not want a billion-dollar plane being p0wned or failing because it runs an insecure or buggy version of Windows. In cases like these, where the risk is not acceptable and the customer is willing to pay the cost, software insecurity will be resolved.
It will always remain a matter of which risk the customer is willing to accept, transfer, reject or compensate for, given the price and functionality the software provides.
Just my 2 cents….