by Anonymous Coward writes:
on Tuesday September 05, 2017 @08:29PM (#55145083)
You'd think they'd put their money to good use! (Score:0)
Why can't these billion-dollar companies create a consortium to make a systematic audit of such code from start to finish? They'd all benefit enormously.
Re: (Score:2)
Oh, that's actually simple to answer. To the very last man, they'd all rather die than do anything that helps their competition even one tiny bit, even if they would have come out well ahead in the end. They simply don't buy into the old "a rising tide raises all ships" adage, and they're not interested enough in benevolent gestures to even invest serious time finding out it's true.
Re: (Score:0)
No. The answer to the question is that the ones most affected by an exploit are not IT companies. They are businesses that build, buy, and use applications. Well-known OS and other low-level infrastructure components are assumed to be reliable, and if a problem does occur they will kick the problem up to where they got it and depend on someone fixing the problem for them. There are not many corporations who will fund a group of in-house OS developers who sit around scrolling through source code. Counting on
Re: (Score:1)
A rising tide raises all ships, so the other captains will have to come up with a solution and then we'll just piggy-back it.
Re: (Score:0)
Because a single audit wouldn't solve the issue; 100 audits wouldn't uncover every flaw. Software development is an ongoing process; new attack methods and vectors are discovered all the time. Basically, audit/review needs to be a basic feature of large development, but you would still have vulnerabilities being discovered regardless.
Re: (Score:2)
Why can't these billion-dollar companies create a consortium to make a systematic audit of such code from start to finish? They'd all benefit enormously.
The same reason they are using crap software in the first place. Big business is like overfed government agencies: extremely incompetent and inefficient.
Re: (Score:0)
"they are using crap software in the first place"
How would you know? I bet it must have been a time-consuming audit to reach your startling conclusion. When can we expect your roll out of non-crap software? Since you claimed the software is crap you must have the innate knowledge and experience to fix the problem. Or maybe you are just a wannabe software guru talking out his ass.
"extremely incompetent and inefficient"
This statement perfectly describes today's generation of morons who think being able to use Facebook and Twitter is a technical skill. The same morons who think all the problems in the world can be solved 140 characters at a time. And since governments and corporations are staffed by human beings they end up being extremely incompetent and inefficient.
As a software engineer with over 30 years' experience... they probably ARE using crap software. I cannot tell you how many (and it has been many) companies I have been brought into just to fix crap software that they were running and, whoa! just now discovered that it was crap software. The ancient adage is true: It's always cheaper to do over than do correctly the first time. And, NO, Agile does NOT solve that problem either.