software firms blame universities for security problems

 
Ranch Hand
Posts: 1934
Bunch of morons.

They create crap like IE, XP and they start blaming the universities for not producing good security coders. How about blaming those options-rich millionaires who did not produce the correct secure application?

Here is the link.
 
High Plains Drifter
Posts: 7289
Try to relax. You can't expect an Oracle or Microsoft to get on stage and confess their shortcomings to the world. It just isn't done.

If you read the rest of the article, it seems likely that most responders to the idea think what you are saying but choose to point out the flaws in the finger-pointing.
 
Ranch Hand
Posts: 305
It is ludicrous to blame Universities for the predictable results of greedy corporations. Microsoft is right at the head of the pack along with IBM and others.

I have worked in software development for many years and it is the policies and procedures of the company that dictate the quality of the product. If a company insists on speedy development and cuts corners on testing, they get sloppy buggy code. If they do not review code prior to putting it into production then they are at the mercy of the programmer's whim. It may or may not be good code, it may or may not comply with standards (if the company even has them). Programmers have little to say about it.

That position is tantamount to saying "We're stupid and we need kids right out of college to write secure code for us because we are incapable of: 1. writing it ourselves and 2. testing it to make sure it is secure."

Sorry... This subject struck a nerve. In the past, I've been the victim of many projects where the company I worked for wanted speed, quality and economy and you can't have all three. I deliver the project on time and then get crucified because it isn't perfect. The old engineering adage: "Faster, better, cheaper... pick two" will always be true.
 
Michael Ernest
High Plains Drifter
Posts: 7289
It seems to me that what C-level executives say is always more valuable in its implications and/or omissions than in its face value.

Note that Mary Ann Davidson points to college graduates: this is just another way of saying they want secure programming to be an entry-level skill. In other words, secure programming is important to them, but they don't want to spend on developing the skills. Ergo, someone has failed to provide it to them at an attractive cost. Damn colleges, screwing up industry again.

Bear in mind, we're not talking project manager/scared rabbit rhetoric here. That stuff, at its worst, is demanding some result right away with the right to criticize the effort on evolving criteria at any time after the fact.
 
Ranch Hand
Posts: 5040

Originally posted by Ray Marsh:

Sorry... This subject struck a nerve. In the past, I've been the victim of many projects where the company I worked for wanted speed, quality and economy and you can't have all three. I deliver the project on time and then get crucified because it isn't perfect.



I have worked on a few projects like this. When the design is frozen before the requirements are frozen.
[Well, I will not make any further comments, it's part of a developer's life. There's no need for me to say it out loud, everyone knows.]

- m
 
Ranch Hand
Posts: 1907
From the article:
{
"I'm not going to hire someone straight out of college because they don't know anything," he said. "We need people who have on-the-job training."
}
Then what's the use of asking universities to change their curriculum? If they change, then somebody will argue again that it's not up to date.
Oracle's Davidson says:
{
.. better tools need to be developed to spot common flaws. Such tools should be used by all developers because even well-trained, well-meaning developers can miss errors in programs
}
Who will develop these tools? Definitely not students who are interested in learning secure programming.
 
Bacon
Ranch Hand
Posts: 305
This is not an insult to the youngsters, but you don't know anything when you come out of college. You have a lot of training and knowledge (at least you did when you passed your exams), but you don't really know anything about the real IS/IT/what-ever-you-want-to-call-it world. You'll have a head full of stuff and ideas about idealistic coding practices, modeling techniques, etc. only to find that in the real world things aren't often done the way they are in text books.

There is no substitute for experience. What you learn in school may help you get started, but there is a lot to learn on-the-job.
 
Ranch Hand
Posts: 15304
Why can't you blame the Universities? I mean you can't blame them for IE, XP, etc, but you can blame them for always being years behind the current technology. Now not all Universities are this way, but many are.

It's tough to stay current, with all the hoops that a University has to go through to approve a new curriculum, it's no wonder they are behind the times. I am currently taking a VBA for Applications class (not by choice) and we are forced to use Office 2000/XP. Why not 2003? But it's that way everywhere.

And then there is the POV that Universities are supposed to teach the building blocks. It's not the Universities' fault that the IT market kind of stinks and all those Entry level, fresh out of college, training jobs aren't available because companies are struggling to compete and need people that know what they are doing.

"I'm not going to hire someone straight out of college because they don't know anything," he said. "We need people who have on-the-job training."

But that same guy won't hire someone with 10 years experience if they don't have a college degree either. It's kind of a catch 22 here.

Point is, it's everyone's fault and it's no one's fault. It's just the way it is.
 