In Depth
Patching Software: The Big Fix
Insecure software is forcing vendors to do what they've never done before: make good software
By Scott Berinato
October 07, 2002 — CSO — Let's start where conversations about software usually end: Basically, software sucks.
In fact, if software were an office building, it would be built by a thousand carpenters, electricians and plumbers. Without architects. Or blueprints. It would look spectacular, but inside, the elevators would fail regularly. Thieves would have unfettered access through open vents at street level. Tenants would need consultants to move in. They would discover that the doors unlock whenever someone brews a pot of coffee. The builders would provide a repair kit and promise that such idiosyncrasies would not exist in the next skyscraper they build (which, by the way, tenants will be forced to move into).
Strangely, the tenants would be OK with all this. They'd tolerate the costs and the oddly comforting rhythm of failure and repair that came to dominate their lives. If someone asked, "Why do we put up with this building?" shoulders would be shrugged, hands tossed and sighs heaved. "That's just how it is. Basically, buildings suck."
The absurdity of this is the point, and it's universal, because the software industry is strangely irrational and antithetical to common sense. It is perhaps the first industry ever in which shoddiness is not anathema
The only thing more shocking than the fact that Kawasaki's iconoclasm passes as wisdom is that executives have spent billions of dollars endorsing it. They've invested
"We've developed a culture in which we don't expect software to work well, where it's OK for the marketplace to pay to serve as beta testers for software," says Steve Cross, director and CEO of the Software Engineering Institute (SEI) at Carnege Mellon University. "We just don't apply the same demands that we do from other engineered artifacts. We pay for Windows the same as we would a toaster, and we expect the toaster to work every time. But if Windows crashes, well, that's just how it is."
Data Center Directions Virtual Conference
Attend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.
Safeguarding the New Currency of Business
Watch this webcast to learn how your organization can leverage PricewaterhouseCoopers' Global Information Security Survey 2008, the world's largest survey on privacy and infosec practices.
- View Gartner Video: Best Practices on Web Application Security
- Safeguarding the New Currency of Business
- The Evolution of Application Security - Reducing Risk in Your Organization
- Data Protection: Challenges for the Traveling User
- Revolutionizing Endpoint Security with a Single Agent
- Make Compliance Regulations an Ally Not an Enemy
- Effective Security with a Continuous Approach to ISO 27001
- A CISO's Guide to Application Security
- Optimizing Infrastructure Control
- IT Service Management: Metrics That Matter
- File Integrity Monitoring: Secure Your Virtual and Physical IT Environments
- Configuration Assessment: Choosing the Right Solution
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partner
CSO Executive Seminar on Application Security
-
January 29, 2009New York, New YorkRegister now »
-
February 25, 2009San Francisco, CaliforniaRegister now »
(ISC)2 members can earn up to 6 CPE Credits
Reference priority code ONLINE and attend this program as our guest — that's a $295 savings!
