Losing a Battle, Catching

By Peter Coffee  |  Posted 2006-06-12 Print this article Print

Mistakes"> David Wagner

As a security person, I think were losing this battle right now. Were falling behind and we need to step up our game. Were getting better at security, but hackers are getting better faster than we are. About 80 percent of home computer users are infected with spyware. A new Windows XP machine has a mean time to infection of about 15 minutes. Were falling behind.

I would be careful of the "Its not my problem" syndrome. Developers think that "Oh, Ive got firewalls, so Im safe" or that security is about good operating systems, so its operating systems folks problem or networking folks problem.

Developers need to recognize its [their] problem.

Good application software makes a difference. In 2004, Internet Explorer had a publicly revealed vulnerability that had not been patched on 98 percent of the days [of that year]. Firefox was vulnerable on 7 percent of the days [of that year]. That tells you that what the application developers are doing can make a big difference.

Bill Joy

When I was at Berkeley in the 80s and late 70s, Eric Schmidt—whos now CEO of Google—and I were graduate students together, and Eric was a summer student at Xerox. He showed me Cedar, a type-safe derivative of Pascal, so 25 years ago we knew it was possible to write a programming language that caught dumb and obvious mistakes.

In the 90s, when James Gosling showed me Oak [the predecessor of Java], I realized that here was an opportunity to build a language where programs have meaning. When you write a Java program, theres a spec; theres a formal semantics. If the program can run—if its not a concurrent program—it will always give the same answer.

With the coming together of the need for security with the Net and of programming languages that are testable, you can come up with layers of abstraction. Javas just one layer. If you write your whole program without any higher-level description than just a Java program, eventually, it will be too hard to understand.

You need patterns of software, other layers, other notations, other ways to test higher-level properties of the software.

Thats the only way. These kinds of transitions take a really long time.

Check out eWEEK.coms for the latest news, reviews and analysis in programming environments and developer tools.

Peter Coffee is Director of Platform Research at salesforce.com, where he serves as a liaison with the developer community to define the opportunity and clarify developersÔÇÖ technical requirements on the companyÔÇÖs evolving Apex Platform. Peter previously spent 18 years with eWEEK (formerly PC Week), the national news magazine of enterprise technology practice, where he reviewed software development tools and methods and wrote regular columns on emerging technologies and professional community issues.Before he began writing full-time in 1989, Peter spent eleven years in technical and management positions at Exxon and The Aerospace Corporation, including management of the latter companyÔÇÖs first desktop computing planning team and applied research in applications of artificial intelligence techniques. He holds an engineering degree from MIT and an MBA from Pepperdine University, he has held teaching appointments in computer science, business analytics and information systems management at Pepperdine, UCLA, and Chapman College.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel