Beware: Signs Of Apocolypse Detected

Thomas Ptacek | October 20th, 2005 | Filed Under: Uncategorized

I agree with Lindstrom’s post about liability, at least in principle. Dan Bernstein can’t write perfect software, and even if he could, it wouldn’t be reasonable to hold every programmer to that standard.

There certainly is software out there developed with neither the prudence nor care that a reasonable engineer would exercise developing critical software. But for whatever it’s worth, as far as I’m concerned, the issue of whether it’s possible to build secure software systems “in the large” with today’s technology is a settled question. It isn’t going to happen. We need to look beyond the software development process for answers.

It’s still important to assure applications, and companies should suffer when they deliver defective applications. I just think we need better ways of letting the market provide this kind of feedback.