The root of the problem: Bad software

[Gary Stoneburner <stoneburner@nist.gov>]

re:
http://news.cnet.com/news/0-1014-201-8006311-0.html

"At the root of the problem, McGraw argues, lies "bad
software." While the market demands that software companies develop
more features more quickly, McGraw and others in the security field are
sounding the alarm that complex and hastily designed applications are
sure to be shot through with security holes."

"I would say there are three major factors influencing the problem.
Number one is complexity. It turns out that software is way more
complicated than it used to be. For example, in 1990, Windows 3.1 was two
and a half million lines of code. Today, Windows XP is 40 million lines
of code. And the best way to determine how many problems are going to be
in a piece of software is to count how many lines of code it has. The
simple metric goes like this: More lines, more bugs.

"The second factor in what I like to call the "trinity of
trouble" is connectivity. That is, the Internet is everywhere, and
every piece of code written today exists in a networked world. And the
third factor is something where we've only seen the tip of the iceberg.
It's called extensibility. The idea behind an extensible system is that
code will arrive from God knows where and change the
environment."

Cheers,
Gary

**************************************************************************
* Opinions expressed are not intended to reflect an official position
**************************************************************************
* MAJ Gary Stoneburner         
* US Army Land Information Warfare Activity (LIWA)
* Ft. Belvoir, VA
* NIST contact points are still valid:
*   Phone: 301-975-5394, FAX: 301-948-0279, Email: Stoneburner@nist.gov
**************************************************************************