PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
April 2010

Schneier-Ranum Face-Off: Should the Government Stop Outsourcing Code Development?

Point: Marcus Ranum Before we get started, I need to confess my biases and background: I've been a coder, project leader, VP of engineering, CTO and CEO -- I've held every job in the software task tree that exists in a software company. I'm going to make a few assertions in this column that I won't have room to back up in detail, but they're facts and you should accept them as such. Most of what we need to know for this discussion is summarized in this observation by the co-inventor of the buffer overflow, Brian Kernighan: "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." Finding security holes in software is harder than debugging. And finding a hidden security trapdoor in software would be even harder. So it follows from this assertion that if you don't know how to write code at all, you're lunchmeat if anyone, anywhere, is able to inject malicious code into your software supply. In fact, the ...

Access this PRO+ Content for Free!

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Features in this issue

Columns in this issue