Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


The Perils of Turning Pro



 By: Peter Coffee
2006-02-21
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Opinion: If practice makes perfect, does imperfect make malpractice?

When I got the invitation to keynote this months Software Security Summit in San Diego, I proposed "Mediocrity Is Malpractice" as a title for my remarks.

I was thinking of this as a general statement about rising expectations. As it got to be time to prepare the talk, however, I realized that I should take it as literally true and explore the implications of developers being viewed as (mal)practitioners.

Its not original to talk about developers possibly being regulated by the professional engineer certification system thats administered by various state agencies.

Im not certain that such developer certification is a good idea; Im definitely not expecting it any time soon.

With or without such formalities, though, I suggest that developers meet key tests of being a "professional": specialized skills that many people cant realistically hope to acquire, a specialized vocabulary thats not accessible to the untrained and the kind of work that can be competently judged only by a professional peer.

You dont need to speak of malpractice in a field such as plumbing, because a layman knows a leaky pipe when he sees one—but it takes a top-flight coder to go through a nontrivial program and quickly spot the kind of flaw thats potentially dangerous.

Its therefore necessary for developers to be a self-scrutinizing community—one that can say with credibility not only when something wrong has been done but also when due care has not been taken.

Resource Library:

Acts of omission matter. Malpractice is not limited only to fraud, deceit or other acts of commission, but it also includes culpable failure to know or to do.

The classic example is a lawyer who fails to file suit before a statute of limitations deadline has expired: The client cant be expected to bird-dog his attorney on such matters.

Crucially, theres also ample precedent for the idea that failure to know and comply with applicable laws and regulations is, by definition, a negligent act of omission.

Faced with a growing number of laws and regulations affecting software development and use, software practitioners must therefore work that much harder to avoid such errors.

When law meets up with technology, one of the most important sparks that fly from that collision is the idea of strict liability. Say you rent a car from a discount used-car outlet and one of the cars tires is conspicuously flat when you pick up the vehicle.

You drive it anyway and have a blowout that leads to an accident. The rental agency can then claim your knowing assumption of risk, plus contributory negligence, and thereby reduce its exposure.

In contrast, if I rent you a rocket ship, and it crashes on a city, I cant reasonably claim that you should have magnafluxed the turbine rotors before you took off—or even that you should have known better than to fly it over an inhabited area.

Rockets are a relatively obscure and inherently dangerous technology, and the system works best if those who introduce that technology into the community are held strictly liable for the consequences.

Software is still a lot closer to rocket science than it is to Rent-A-Wreck—and the model of software as a service involves more software developers becoming providers to clients who dont know and cant be presumed to understand the inherent risks of what theyre getting into.

For example, while planning my drive to the Software Security Summit, I looked up the destination on Google Maps and found a diagonal band of blank squares across the middle of the map.

Two days later, those blanks had been filled in—but imagine some automated system that relied on that service, suddenly finding itself in terra incognita. Its a good reason to call something "beta," dont you think?

For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

And when you think of yourself as a possible target of a lawsuit for malpractice, you dont leave comments in source code that say things such as "Dont even look at the mess below"—an actual example from a gallery of comments that Ive seen and the kind of thing that you wouldnt want a plaintiffs attorney to find.

Professionalism doesnt mean just doing your best; it means knowing and being prepared for how good others expect you to be.

Peter Coffee can be reached at peter_coffee@ziffdavis.com.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: The Perils of Turning Pro
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Peter Coffee
 


xv۸(;^>;wEW[d[۶-%Y$)l+K?ߚg*BKYI(BP(!GA 玪\82H~<4<Λ7uL9Y#C rD3,wU Eﮪjc ;0\6 \YOy'wx;`KQ;QMe0Ǔ4ߙ1=ͩ:6|fx97)\ 3meb ^QkсyG`n%xC"u^8!I$w,S0e#b0 g?NUol !)IBd+B(?F#" aco߉г;/Pb5R7}Rdh9-rTȊ߉ecby1ժ=TRJg3Bz35_-:nNOn/9n:'ݛ9^qٙyĘ ]l3HJmup}6Oy5HZ|`k` [sLwZ| ȹH ?td@GcDx,'YT7QZ(/s$dbbZ|@X2B(Y=GM 9ɔaP6 4ݰsvzƊFnZPuR‡ f]#w  a4[#RDp &\ 5?*>UalYs7*RiK2X U E$2ݠQ3>N˒$o# ciz\(&PHR~*nlNR}yp!ljY]V'dauIUi3[d% ށix>!eO^ S35֍pX.\RiI1qrJrG!gV/AA@꿇EL@0ѩn!m]*ucάY0hF vުSߧnΦjۉ!9* ڠN+/qK Tmb>'ݨpV83 U(z13 a > >FN9=H*}n9A%UǶCMߟLG`p&;hk - D+wc E#` V}R+?m:fQ(9N@4umMrA=S9jZд@ţ@ U4 đMTUbEX;(];(cXe[pM9~ :FU.cD[3 A@MTI}&hm4zzD*弭(F*6.u(\ @/ աŢDHUX#%tVа%թ&6e-4.&D~’}DBCipӞrVqCf?K~2ԪbV= "j$WU߬L3fk)'@S$f|Рg4'8w⾿-}g``?UMK\sj>#]\V`QaJ]TF 4c?`2$̮$fG ã2T.'1^P}P]H(H3snz͂\/Qmc椡 "9&cf>j֠r8@r0d٤S,H51R2"'{@n5Ie[K[3^V OP'z4&{3e) =mQJk8'Zu/ ӲʧSJJ@(A@L:y>Z,L(``!>kv#QHk(}j Z}YܐA(+k9i7a/mcDH!#24÷PaPNT3%4OQrd2~D7uֳ>^#"!9ݩs53/RNR4s0>zJeR)Y)-x8:T6uGca luGqHϣDʌj%Q U-qǕ.҂Vk898$XRNb*,E%b (NZa HhٔJ/\V `Qɕ3HȵȊ@Gݱ>V!ȵڽv?&A\TS,.=EUT-V岔?ͳ!ݓBpimzB%3;-ܛх`,@N|k@a>uR9(̖pK%4eS/ .9@_<y}5QC/4Mu䖴Fuq0 )_3kKqmKZ&ԔU(T]nEYuJMP מ'nuvz .ɤ̓O\\׺hg?YwW3gT}ć) sgCRRHwضZVrvjc"CqC@a HR{D "Y@br(Z"UU+t2R@B\F|gxl{ !ֹǶWhO dM!Mo$DxK!rM+72Llbf\&DW`7q1V?(5)WO BP`&w,/N@T #Nxs\ΛIO}ڽ C<ĹgNӽ<$"̼ur|8Gq{>TGZ`6&t.Oڿrݏ'B&øoѷ(=H3R!c:Iw1n:d+M=+akZ''5+C{~;oC9"$;9 us_>wQ:9\dcx/`FHN:|m48T6M"z&k쇠iҝ3+vHY!Br_'kF,8;XIR!m%۪P>C٠ihN;+ O=|uX txO($T֌i9PT{\*q]>GG2qy瑄6 V%J(DrIGzRF6eo'u_f} bt4zUt":CWo)J!~_.c&8~ ѶP=8ԭrh%縵zI~<ɱ}Am9˙^'iZ;_*7 rE5P!n*r֚SE[Dӆ'63fx!u,0lq)՜R§0oBڸEK[m]S-RS_)L iuX0Hg#eBUY>B|%$h8W:Br'xr'jxxj}qUYA>( ;hgGN僃@S fO:V`'M{q?I8Gu*b,_A7n`1B?jw`YvT%5m]꜌DU~zv`h) m.S'mg-;oCĆ_ wBR5(Ϟe0cht@ÿ̳RQwic?K.}:﷯Is 09jJGIHRCwGH4BW7G}/ R#|--84Ǡ1,,L>;G$cc:撄 ,+[{wCȘS.{ۉ~g#S^~:-< &n_%R -яKfi^x u45ij ߣ%?~/ >z~#Oa ]kd;/oӯt9:)dž&;3 n,1FP9{ꀏviR9)qk,:4ʰ3^;5ĺAV#U\`[ *9;g3:a8eإ чiu(9T?;ˌ@-ƌ>UN|(' |db[RrbTKe3.)*=X,E \-dPnA%q`-Պr94{@KkbQ$$_Y5nXR,&rdɐLyi?)D9Cg _Hǃ])Ũ/8a2*P&;ZWʉUJ}j>p 7-^Nmk>E& .@@]ExGBBy*p?UbH.UnGHJ@|铰A_Z.dEGx=~{&+.mJŗ'aELF0\-` !L@pSK"a߈p)xxQ3OC1oZ_U! mOrmSj,'ti.<@SGp#u] 'բ&ʁ rUV% .pIW$X8q\Bg'̓|j'dX~)2xbhw-?3/ǰah?»r 4$;)-puʵA1i 3$m0QA |ql|&A+/Eh-6x@b-icAu+X STPZD1G8 @Q@$7A/hͭa!3 2Fpn12I ~wkwkwkwk׷J屼zy9 :ԝ{hDY pXh1>t:,LlEf#1h\z1Z!-KhY{XvT`AwÞnнy^ߎ^ȡ <@7U_G/c9qD{ !p_Q7nsÌoZeH6Ylr 3tȀDվE;'Y" ڸ_&"P@+`7O)t_. KYkATK22PB";:_O藂Wj HACPHT=.n<[mo(eܴۿx 1:& 5ZɃ$qA"$7C Oxd#^dF0Ko1z]"^ {:bXB %Ug|eI'#n53)bRs|ߣH̨"m^-)jhKYkf c'd35w6hu}sy1Z1 ס F{`'?^wD=r TQS]U-/1[B*̸b/oniܞl(knzd"٦!ژErS"ȹ}|P6-X `|J0 c c2(6V#.|﩮 H(K+٥gϘ:wRtTP2+L n81|:qZl^Bf4CX6bM$TJ86+┲fne )3]-ITT<JK)ttc?@c1X ApSߕ ? pr|*q_o7Z&zDFڧB8X<k = o5Hh#Ngv@N HuWknr9޿S\mD 1;sl^?bQA缷x W`Wlm۲,Wn4R (ӘALO`0LUTm:^43?b)_6b~esY x#jO'絡(`EGvʹMh%MFhdj׸U))Z46XWJ+PScl$JYZmIr &khЧQW`7qB&ꉭh}exxJ׌r[PMjٵGng%W0OAfmx[+}Y)_p48x9ڀkcjEl~2hTL6 o;=vk{LjROnWLvc_ _!,#my7R[ $yʏ}Z.EHu%qMpZsrپ靷u-<4zHsgD"'xk5{S_ T>4? L{ ̃sHrT+ǃލ1,K80[4;?2a)]W?Fpgb'r)-_/{ҁTD7FDu2x`8*ejٻw L 2@s84>|(wv$ܟ:LsB7@אIog<:n#Dt#Tc Y3:#&l-f:bA{ [3#}۹lU^(l+wDycFa < 7@p^B4Q8&.H n$H)kPhP؞?0mS%LI0Z ^R7XL`:>0J=(S[]Ĝ?]4o? we޺ c:4t<25ykntd͡Q*I|8+&|G/ %nNsK ṇR$:!%H$b{=9^Aqm􀤏fzZ~X׻SEď1 K1cTR95 "38LXˉn ;le,؅ -Mȕ@ZAȈPq;#05u*a5|r'Psк:LNפENmx;\;Kr>Q%kE푷jQqi}uݹ皧31z;*:ՕU&BY2 6SfT} {̤9,,% ywl"8l NO|?Ss?O?g靓\sd3ˌth'r_z!sfE\@/2/~/2{"@yyAȣ2 ,#_ HHK ..ȟn|fȗ+ W寁~3eeϠ@_3J}'ߧ @MV:M@7d_ry[|ֺ…)QFz9<ʠrEV*SV:,.O3 =CU$HϠXi7ZeU+\z^}NdF*oIr]5.9eZ+ /YSմ*qմ mp}}}P ByekRA0 AܠKXEó""hh4oĺ.0*}h:`-Wvt+aJY.)ܢm:QKkXE)c9 8{c_jQ/bXy'd4k[aHOѭ/A\ZI[F$ZQd=7\6p赵u9b#p75in[~|^Yiv G{6m铥΃LGӠS7UQ !Pa}CQ"D74\O9K wmXy!~38]opܣ17?g 4DɹP))JIoR-W+;?5"- 'C80t"+,RSL-U*AT,N /($@%X7 {%}CՕ8fȢT qu+YӷJ&|`czm#XҬxY%asa+h;R#?@(sY\FlOBfCx73&wI&\ʠbC ؒ:VOD-- 1{'mلhiǭaƱr@, @cd߻C!/mc yYU q%fv?$2mHn@{>lZ8=۪9t؆,֢wlvԙ%Oy 8 $Gl; }]…Id|ë|C$´*y&x D亂mK_1={wJw]@p7;}PCDa0'TbۧHNP_BD_vb@Cǹv2hrB!Y`_EB `+&4*3Up&]@GC߱0\8o]2ҷ)%,HVSPsEIoX;ql>9+so]clC=&n (U(z1:AϐTh(M9 !+ H^0}J$gg_5| Fy*b5wgQlVxR%'Ɲa9.^K`RHVr. =`nzۭ0mT/Ă_| P 3M|x`ãiб ߞ(2m-Eǝ.t };{/ݤd-+2dB%vlHYY҆Nw&/C1G8]! r"_R an^|eD$t@Ч4I cLcc} avwjڪqe]bjжֵd2-1ic%p'!-Xs[Outם8G dSҚKx *|?Oe!Mp8C3 Zݐ>7Q$TzsiZQڃtER0yNЊ?dtE#bSp.@>Pe62RWD ^)۱Ybd휙no'mrΦ(@0rē#<[^ҵ<oc5SW<2Yn0w6LK#]ZDc`Wpۂ{Di["ʥ.lSl̞=Ba҃𦇝)_X ( # LwEN!hU.$VtZPl@ xQ b {m;pS利6r3l XE2[<ö,:q` {m;Q=k{3l[VyXhFXS#5gâ@XV=_1xF| /XW}qxurv2i^GjB~eaGZͼ,*;҂g'tQ\FC$#0P/y암vlH9m5GPh1'R9(Dt3MaF*)Aua%o *[ApNWejs"[4.ǎ;q[ AEBd+KU̱tzs:(75wSF \ E c3}Zv=G mr?q,r] l&jCi61Ĝbdr"0_o>AsDU$xtCGjET`$;]+vN%th&gvP?f8%ٔ M(5CY7Wv!{|xFq-^u/AĂ+<"e}){ɧ/π.ȟe --@V$oDG"ʞ 4vqO8O}C;oٍ%:48ݽ:$G ׿K_egV΋@-fZ_ip7sa,ARt F[ P??0<FK UG8#`Yic'N 3")l1[F~&ж:KTЃ|@컘lHuvXns< jZhI~*` Zy_`=(VFH{з`٩,3ˢHJW (3R}TJ5c J91:4vB9) M[{P$ ^_Aߘ-,[sFnRDq̱ɺas`i_)Z9TMnTȨ?{ ^;=1#;4 }OkeP¬|ʒ$wEpЯ7RV 532- "u'5j. 7pa^%¯4'AeTo %OG?_gԴ+JWm~U'X쎨nK{&9X9G0> *%^UѦ'w±JS_u|57 FնCdv=7g/џNT~F2j jcb/tv,C y\~ZDh|n]Z#:xwǏވ"S{1 53jvBu$Oo9Q&o }u1vs,^ +apCercWX6i E&}{96BMĄ.`Qw΃sD>_=z{ V ΅Y%v,ٰS \wTĆ=h$RKoTG3 4K W BNɔ?wSh!L2H&D~ڲL{xIݰ=TS%;qҤAI~~H|cgw y44<-b 3%R/IuNn:P|6cj`Oxh;~B>G (t?O7}޴ixM2nڎ☀b_bL{x/ x!m% faA*Ej , _k7It} ӽ% ;4P9,'s{$CqԬO;r=A'U7E9|HFT{V@J@~+[#pBqp18ְ\.B,[oVPVh2ꎍ#^q%,S){&,xŕ^ `rv ᵅ![$|^a2[v/isShJh^ga\z\})%D"V[vYpEq{}wZǿ|~<Œ-Z{}Nw|WdF;6M 5X$t4J#d z*7]BY(D4߷[1! p3}@*Պ`mN凡mľ^n:}(lPdbII൙m3ԩHwDs+ƝӍͷ"+\ K_<+=?