Programming Practice Conclusions
None of the development
controls described here can guarantee the security or quality of a system. As
Brooks often points out [BRO87], the
software development community seeks, but is not likely to find, a "silver
bullet": a tool, technique, or method that will dramatically improve the
quality of software developed. "There is no single development in either
technology or management technique that by itself promises even one
order-of-magnitude improvement in productivity, in reliability, in
simplicity." He bases this conjecture on the fact that software is
complex, it must conform to the infinite variety of human requirements, and it
is abstract or invisible, leading to its being hard to draw or envision. While
software development technologiesdesign tools, process improvement models,
development methodologieshelp the process, software development is inherently
complicated and, therefore, prone to errors. This uncertainty does not mean
that we should not seek ways to improve; we should. However, we should be
realistic and accept that no technique is sure to prevent erroneous software.
We should incorporate in our development practices those techniques that reduce
uncertainty and reduce risk. At the same time, we should be skeptical of new
technology, making sure each one can be shown to be reliable and effective.
In the early 1970s, Paul
Karger and Roger Schell led a team to evaluate the security of the Multics
system for the U.S. Air Force. They republished their original report thirty years later with a thoughtful analysis
of how the security of Multics compares to the security of current systems.
Among their observations were that buffer overflows were almost impossible in
Multics because of support from the programming language, and security was
easier to ensure because of the simplicity and structure of the Multics design.
Karger and Schell argue that we can and have designed and implemented systems
with both functionality and security.
Related Topics
Privacy Policy, Terms and Conditions, DMCA Policy and Compliant
Copyright © 2018-2023 BrainKart.com; All Rights Reserved. Developed by Therithal info, Chennai.