Software set to remain insecure
Any chance of a refund, Mr Gates?
By Howard Dahdah, Computerworld Today (Australia) | Published: 09:44, 29 September 2005
Complexity in software design needs to be eliminated otherwise computing will remain in secure in the future.
That's according to Dr Klaus Brunnstein, president of the International Federation for Information Processing speaking at the SEARCC 05 conference, who added: "Currently, we add complexity to secure insecure systems."
Brunnstein said to secure an insecure product such as Microsoft Windows, a patch needs to be applied. Even then, that patch could do more harm than good. "Security is an issue of design," he added.
With complex systems of design, nobody understands what is happening deep in the system and "as a result we have ended up with the current state of play: worm outbreaks, DoS attacks and phishing and pharming attacks," he said.
Brunnstein believes the design of the OSI architectural model, on which the current IT model is based, is flawed "OSI is underestimating the problems."
The Application layer sits at the top of this stack and these applications, according to Brunnstein, are written by vendors in a supply-side dynamic. "There is no interoperation with the customer. What you get is what they want. In this educated society we must not rely on the manufacturer's wisdom."
In the future era of computing, whether that be quantum or light, the implementation of software must be customer-driven, so that. "Implementation must come from the bottom up."
In the meantime, Brunnstein says consumers should put pressure on producers to refund them for the damage their products have caused. He singled out Microsoft's Bill Gates. "We must force him to pay for the damage he has caused," he said, optimistically.
