Programming with a dose of satire...

We're in the Social Zoo

  • Find us on Facebook:

  • Read book excerpts and follow your favourite authors at:

    Follow all your favourite Fingerpress books and authors at Scribd

Categories

Books

  • Books by Matt Stephens (published by Apress):
    Design Driven Testing: Test Smarter, Not Harder

    Use Case Driven Object Modeling with UML: Theory and Practice

    Agile Development with the ICONIX Process

    Extreme Programming Refactored

    XPR in Chinese:
    Extreme Programming Refactored

Archives

More...

Subscribe to this blog's feed

« User Story != Use Case - but User Story != Story, Either | Main | Announcing Fingerpress - a new book publisher »

Don't blame Willy the Mailboy for software security flaws

Here's my latest at The Register:

There's a low rasp of a noise being made in the software world. Customers want software vendors to hold programmers responsible if they release code containing security flaws.

Actually, that's not strictly true. Security vendors want customers to start wanting software vendors to hold the programmers responsible.

As we recently reported, the annual Top 25 programming errors announcement urged customers to let software vendors know that they want secure products. This desire is captured and bottled in a draft Application Security Procurement contract provided by security certification vendor SANS. The majority of the contract discusses liability in terms of the vendor. But the occasional clause stands out, like this one:

Developer warrants that the software shall not contain any code that does not support a software requirement and weakens the security of the application...

In other words, when it comes to application security and QA, the buck stops with the developer. And that's in a contract that likely won't even be seen by the developer and will be signed on his behalf by his employer. It renders the contract unenforceable - so why add a clause like that in the first place?

It reminds me of the Dilbert book Bring Me the Head of Willy the Mailboy. No one wants to take responsibility, so the blame is passed down through the ranks in an Ayn Rand-ian shoulder shrug, until the atomic unit in the trenches (the programmer) is reached. The process has failed, management has failed, QA has failed and the customer's blood is boiling. So the answer's obvious: sue the little guy!

Read the full article at El Reg.

Posted by on Sunday, 28 March 2010 in Analysis/Design, Coding Style |

|

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341c8b6353ef0133ec46683e970b

Listed below are links to weblogs that reference Don't blame Willy the Mailboy for software security flaws:

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment