[Cryptography] I don't get it.
Guido Witmond
guido at witmond.nl
Wed Apr 16 15:23:07 EDT 2014
On 04/16/14 12:30, ianG wrote:
>
> I'm not sure about this sudden explosion of angst that people are
> feeling. The Heartbleed event has been waiting for a long time. The
> code is very complex, the dev team is under-funded and overwhelmed, the
> design is atrocious, the user-base is unhelpful, the apps are a lazy
> mess, the security model is a vestigial facade and the critics have no
> mercy.
Sounds like every other software project on this planet...
> Why hasn't it happened more times, is my question... This is why I
> track real events, because I can't believe they've been so lucky with
> such a bad situation. There has to be other things going on, and to
> find them we need real science (is my guess).
It happens all the time, only the severity differs.
As for probable causes:
- underfunding;
- ever-changing requirements, as the users will imagine new
possibilities as the project matures;
- managers/customers thinking that software *development* is a sort of
conveyorbelt, just replace a programmer with the next and the work will
continue;
- ie, all the classic software management errors.
Guido.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140416/0eee6937/attachment.pgp>
More information about the cryptography
mailing list