Post by Vassil Nikolov | Васил Николов

36d

This is a very serious matter, but this article omits some important points.

There must be laws and regulations which require every organization handling sensitive information (not only financial institutions and the like) to have sufficiently secure computer systems.
And there must be regular audits of the latter.

Software engineering must be regulated in a manner similar to civil engineering and electrical engineering with respect to reliability, safety, and security.

From the BBC:
Vastaamo hack: My darkest secrets were revealed to the world
<https://www.bbc.com/news/articles/c62nzxqw45eo>

#ComputerSecurity
#SoftwareEngineering

1 1 1 View Post & Replies See Original

26d

"Software engineering must be regulated in a manner similar to civil engineering and electrical engineering with respect to reliability, safety, and security."

I believe that the U.S. military tried to do this with the Ada programming language. It seems they had a goal to make everything auditable and verifiable. I haven't studied it in depth so I can only surmise.

1 0 0 View Post & Replies See Original

25d

@octade wrote:
«I believe that the U.S. military tried to do this with the Ada programming language. It seems they had a goal to make everything auditable and verifiable.»

Right.
This is an important point.
Indeed the whole story of Ada (now approaching half a century!) is a valuable case study (for one's Unlimited Free Time ™ 🙂).
Not all milk and honey, of course.

But the military know how to take care of their technologies.
Maybe it is clear and redundant to say:
my concern is about civil applications of software engineering.

#RegulationOfEngineering
#SoftwareEngineering

1 0 0 View Post & Replies See Original

24d

Part of the problem is the design and standardization of hardware. There is no respected or august standard or authority to establish hardware guidelines (think posix) and say:

"Hey, you are making too many different versions of the same thing that do the same thing and with a zillion different unnecessary interfaces and ways to all accomplish the same job. Stick to a simple interoperable scheme that can be audited against a standard."

Many years ago I used to troubleshoot dialup modems. Modems varied wildly in their firmware and AT commands. This caused wild variation in device drivers. And most of that variation was unnecessary. It caused a lot of busy work and wasted time.

A modem should not be a modem. A modem should be a specification. Then devices should be designed strictly around the specification. Apply to all other hardware devices, operating system primitives, boot system primitives, compiler logics and routines, then wash, rinse, repeat ... and things would move closer to an infrastructure that can be strictly audited regardless of the particular implementation.

Anyway consider this a fantasy rant. I don't see it ever happening.

0 0 0 View Post & Replies See Original