Pro+ Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
April 2010

Schneier-Ranum Face-Off: Should the Government Stop Outsourcing Code Development?

Point: Marcus Ranum Before we get started, I need to confess my biases and background: I've been a coder, project leader, VP of engineering, CTO and CEO -- I've held every job in the software task tree that exists in a software company. I'm going to make a few assertions in this column that I won't have room to back up in detail, but they're facts and you should accept them as such. Most of what we need to know for this discussion is summarized in this observation by the co-inventor of the buffer overflow, Brian Kernighan: "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." Finding security holes in software is harder than debugging. And finding a hidden security trapdoor in software would be even harder. So it follows from this assertion that if you don't know how to write code at all, you're lunchmeat if anyone, anywhere, is able to inject malicious code into your software supply. In fact, the ...

Access this Pro+ Content for Free!

By submitting you agree to recieve email from TechTarget and its partners. If you reside outside of the United States you consent to having your personal data transferred and processed in the United States. Privacy Policy

Features in this issue

Columns in this issue