Oracle’s Chief Security Officer made a remarkably silly comment in a talk at WWW2006. CNet covered it here.
First wrong thing: We know how to build bug-free software. If you’ve flown a Boeing airplane built in the last ten or fifteen years, you’ve trusted your life to a software system. The nav systems have been software driven even longer, and all the newer planes are fly-by-wire. We know how to build high-reliability, bug-free software. It’s just expensive.
So, what would it mean to build bridges like software? Well, you’d be able to automatically assemble a new lane overnight if you needed more capacity. Anybody driving down the road would be able to get their best route around traffic jams by pinging the road. In fact, the road would probably be doing most of the driving, so you could work, or talk on the phone, or … whatever else you wanted to do.
If you need another bridge, you can probably reuse the bridge you built last week, for rather less cost. Bridges are kind of an interesting problem, so you can probably get pretty good people to work on them. They are pretty amenable to agile methods: You can put the engineer on site with the customer, maybe try a couple of approaches and put just one kind of traffic across first. It’s probably best to start with just trucks, since that gives you an early payoff in commercial traffic, and anything that will hold a truck will probably do okay with ordinary cars. Trains will need some additional infrastructure, so do that later.
So building bridges the way we build software might not be so bad.
Now, turn it around. What if you built software the way the civil guys build bridges? First thing, it would be expensive. Bridges are all purpose-built – what the Brits call “bespoke” software. No trotting down to CompUSA to pick up a copy of your favorite game. First you need to get a game development permit, do a “sight” plan (pun intended), and get the plan reviewed. Maybe for games under six minutes long (like fences under six feet high) you don’t need a permit. You need to have your development plan publicly reviewed, even on private computers. There may be public hearings if you’re doing something unusual. There will be endless inspections, and government inspectors may make you redo things if you use a technique they haven’t seen before and approved in advance.
The problem isn’t a lack of regulation, or a lack of attention to detail on the part of developers. Rather, there is a basic unwillingness to spend the money required to “harden” applications and servers against ill intent. It’s not cheap, and everybody thinks that somebody else should pay for it.
Which is fine. If you want Windows XP (or Vista, whenever that happens) hardened against all threats, you need to do two things. First, expect to pay about ten to twenty times as much for the license. Second, you’ll need several weeks of training in order to learn to configure the damn thing.
Me, I’d like to sell you the training. I know some very good trainers, and I bet I can get repeat business.