The software professional vs the software artist

Developers with a creative streak don't get to opt out of security.

I hope that James Turner’s post on “The overhead of insecure infrastructure” was ironic or satiric. The attitude he expresses is all too common, and frankly, is the reason that system administrators and other operations people can’t keep their systems secure.

Why do we have to deal with vulnerabilities in operating systems and applications? It’s precisely because of prima donna software developers who think they’re “artists” and can’t be bothered to take the time to do things right. That, and a long history of management that was more interested in meeting ship dates than shipping secure software; and the never-ending and always escalating battle between the good guys and the bad guys, as black hats find new vulnerabilities that no one thought of a week ago, let alone a few years ago.

Yes, that’s frustrating, but that’s life. If a developer in my organization said that he was too good and creative to care about writing secure code, he would be out on his ear. Software developers are not artistes. They are professionals, and the attitude James describes is completely unprofessional and entirely too common.

One of the long-time puzzles in English literature is Jonathan Swift’s “A Modest Proposal for Preventing the Children of Poor People From Being a Burden on Their Parents or Country, and for Making Them Beneficial to the Publick.” It suggests solving the problem of famine in Ireland by cannibalism. Although Swift is one of English literature’s greatest satirists, the problem here is that he goes too far: the piece is just too coldly rational, and never gives you the sly look that shows something else is going on. Is Turner a latter-day Swift? I hope so.

