Commentary
2/6/2006
12:29 PM

Lessons Learned About Bugs And Software Quality

Listen to a podcast version of this newsletter


In This Issue:
1. Editor's Note: Lessons Learned About Bugs And Software Quality
2. Today's Top Story
    - Full Kama Sutra Tale Yet To Unfold
    Related Stories:
    - WMF Exploits Sold By Russian Hackers
    - The Need To Freeze Out The Bad Guys
    - Russia's Stock Market Knocked Offline By DoS Attack
3. Breaking News
    - Google, VW Developing In-Car Navigation System
    - Sabre Locks Up U.S. Airways Fares For Five Years
    - Top Tech Talent In Short Supply, Survey Says
    - Amazon Profits Fall
    - Analytics @ Work
    - Number Of Jobs Advertised Online Soars In January
    - New Technology Could Head Off Bird Flu
    - U.S. Seeks Free Trade Agreement With South Korea
    - IT Payrolls Mirror IT Value
    - IBM's iSeries Gets A Makeover
4. Grab Bag: News You Need From Around The Web
    - Blog Blooms Under The Sea
    - NASA Charts Storm Damage Pronto
    - How Much Should Hotel Web Access Cost?
5. In Depth
    - IBM Rounds Up Support For 'Standard' Ajax Environment
    - Linux Kernel Developer Says No To GPL 3
    - Microsoft Patent Victory Could Hurt Open Source
    - Novell Unveils Linux App Security Project
    - Review: Zimbra's Collaboration Suite
6. Voice Of Authority
    - AMD Poised To Finally Capture Dell
7. White Papers
    - Mobile Business Intelligence
8. Get More Out Of InformationWeek
9. Manage Your Newsletter Subscription

Quote of the day:
"For a list of all the ways technology has failed to improve the quality of life, please press three." -- Alice Kahn




1. Editor's Note: Lessons Learned About Bugs And Software Quality

During the month I spent reporting a story about Linux vulnerabilities (as yet unexploited), I found myself surprised on occasion.

I thought perhaps others would find some value in what I discovered along the way. So here goes. (To read more about this or to reply, please check out my blog entry.)

  • After years of buying into the accepted wisdom that Microsoft is the bogeyman when it comes to software quality, I found that isn't true. The overwhelming consensus by the security experts I talked to is that Microsoft's code is no worse than any other vendor's. Instead, the reason Windows gets slammed so much is that it runs on 96% of the world's desktop machines, and end users are nowhere near as persnickety as server admins when it comes to security. Put another way: Malware creators get into enterprises by means of the desktop. Going back five years and longer, sure, Microsoft (and everyone else) was mostly focused on adding ever-more features and functions to its software, and that philosophy meant debugging and security took a backseat to added functionality. But that's pretty well behind us now, the security gurus said, and the number of worms and viruses has more to do with how much code is in any given piece of software and how new the code is. So when you've got a bazillion lines of code in Windows, and it's constantly updated, you've got a virus factory in the making.

  • The paragraph immediately preceding this one is going to cause some who hate Microsoft to sputter and call me names. So be it. Another thing I learned is that many people are in love with their operating systems, on both sides of the divide. But hey, it's just software, folks. If it solves a problem, great. All of it, just by virtue of being software, has bugs and security holes and we're not making fun of anyone's mother here. Let's lighten up on the religious wars, shall we?

  • Some of the vulnerability numbers published by the much-vaunted CERT organization are, when it comes to Linux anyway, pretty much useless. Apparently, and I say "apparently" because nobody from that organization would talk to me about this despite six phone calls seeking comment, the CERT numbers count any given vulnerability each time it appears in any Linux distribution. So if the same flaw appears in, say, both Red Hat and SuSE Linux, it's counted twice. I don't know why CERT does this. But it makes comparing the numbers between and among operating systems downright impossible, and, as we all know, one number standing by itself doesn't tell you much.

  • Fundamentally, what the Kama Sutra worm and all the other viruses and attacks we've been dealing with lately come down to is the awful state of software quality in general. Clint Kreitner, president of the Center for Internet Security, says that buyers have for too long accepted a very low quality level in the software we use, and that we're reaping what we sow after years of pressuring vendors to give us more features. "This isn't about evil vendors," he says. "It's about buyers of software expecting high levels of functionality at the expense of security."

    Johanna Ambrosio
    jambrosio@cmp.com
    www.informationweek.com


    2. Today's Top Story

    Full Kama Sutra Tale Yet To Unfold
    Because most still-infected computers belong to home users, the real scale of any data loss caused by the Kama Sutra worm may not be known until early this week.

    Related Stories:

    WMF Exploits Sold By Russian Hackers
    The biggest reason the Windows Meta File bug caused so much havoc, security researchers are saying, is that Russian hackers sold the exploit to anyone with the money.

    The Need To Freeze Out The Bad Guys
    The real danger today, according to Kaspersky Lab, one of Russia's top software companies and maker of a leading antivirus product, is targeted attacks by criminals against specific companies, which are very difficult to protect against.

    Russia's Stock Market Knocked Offline By DoS Attack
    A denial-of-service attack brought down the main Russian stock exchange for more than an hour Thursday, a Moscow-based security company says.


    3. Breaking News

    Google, VW Developing In-Car Navigation System
    The system will display actual photos of the route instead of the line drawings found with most GPS devices.

    Sabre Locks Up U.S. Airways Fares For Five Years
    Airline says it will stop investing in development of its own corporate booking portal.

    Top Tech Talent In Short Supply, Survey Says
    The IT job market has improved to the point where there will be a shortage of CIOs, chief technology officers, and other top IT talent this year, according to headhunters.

    Amazon Profits Fall
    A 43% drop in net income was due in part to heavy spending on incentives to attract companies. The marketing blitz appears to be working: subscriptions to the Amazon Prime shipping program doubled from November to December, the company said.

    Analytics @ Work
    Four CIOs reveal their best practices when it comes to business intelligence.

    Number Of Jobs Advertised Online Soars In January
    Demand for jobs increased across all regions of the nation, with the largest gain reported in the area of Hurricane Katrina reconstruction efforts, Monster Worldwide said.

    New Technology Could Head Off Bird Flu
    A new microarray can, within hours, pinpoint pathogens that can infect humans. The technology is widely available to researchers for free.

    U.S. Seeks Free Trade Agreement With South Korea
    The Semiconductor Industry Association is backing the move because South Korea is the world's 10th-largest market and a large opportunity for chip vendors.

    IT Payrolls Mirror IT Value
    IT services and software companies see gains as hardware manufacturers report losses in U.S. employment.

    IBM's iSeries Gets A Makeover
    As part of the System i5 refresh, IBM is adding an accelerator for its low-end models that will allow customers to run Web-enabled and groupware solutions on the same system as their core business applications.

    All our latest news

    Watch The News Show

    In the current episode:

    John Soat With 'Eye On IT'
    AMD reports increase in 4Q revenue, more job postings online in January, and BigDaddy.com to advertise during Super Bowl.

    Bruce Boardman With 'PC On A Stick'
    A review of Finger Gear's "Computer-On-A-Stick" bootable USB drive.

    Alex Wolfe With 'The OS Of Love'
    Check out some of the top entries from Intel's independent digital film contest at Sundance.


    ----- The latest research, polls, and tools -----

    Do You Deserve A Raise?
    Is your career on track? The editors of InformationWeek magazine invite you to participate in our ninth annual National IT Salary Survey. Here's why you should participate: It's fast. It's convenient. It's confidential. We'll compare your salary and job-satisfaction responses to those of your peers in a 30-plus-page report.

    Free Online Benchmarking
    Take a five-minute break and try one of the 18 research tools available from InformationWeek. They're informative, confidential, totally free, and just a click away.

    Innovative Strategies
    The InformationWeek 500 report outlines the best IT and business practices of the InformationWeek 500 across core areas of operations, including IT budgets, technology deployment, strategies, and staffing.

    -----------------------------------------


    4. Grab Bag: News You Need From Around The Web

    Blog Blooms Under The Sea (AP)
    A Web journal is keeping track as scientists explore a massive volcano that's submerged thousands of feet under water off California.

    NASA Charts Storm Damage Pronto (Wired News)
    Survey teams don't need to wade into nasty swamps to map New Orleans after Hurricane Katrina did its dirty work. New remote-sensing tech speeds up the process.

    How Much Should Hotel Web Access Cost? (Slate)
    Sometimes it's free. Sometimes it's $20 a day. Why?


    5. In Depth: Open Source

    IBM Rounds Up Support For 'Standard' Ajax Environment
    Google, Oracle, and Yahoo are among the backers of an effort to allow developers to work with Ajax on the Eclipse programmer's workbench.

    Linux Kernel Developer Says No To GPL 3
    Linus Torvalds, the creator of Linux, is not supporting the new version of the General Public License. He objects to a new proposal that would require people to make previously private keys available, calling the idea "insane."

    Microsoft Patent Victory Could Hurt Open Source
    The software vendor's victory in the file allocation table patents battle is raising concerns in the open-source community. Some fear this means that global patents systems pose a danger to the health of Linux and the open-source community at large.

    Novell Unveils Linux App Security Project
    AppArmor is enterprise-level security software that Novell says can be deployed in hours and maintained cost-effectively without needing deep Linux or security expertise.

    Review: Zimbra's Collaboration Suite
    This open-source solution makes for easy deployment and simple, if not complete, administration.


    6. Voice Of Authority

    AMD Poised To Finally Capture Dell
    The long-anticipated introduction of the first Dell computers using processors from Advanced Micro Devices is expected to come within weeks--or at the most within a few months. This is yet another impressive milestone for AMD, Darrell Dunn says, and it gives Intel another black eye.


    7. White Papers

    Mobile Business Intelligence: A Report By Summit Strategies
    This report by Summit's director of virtual client strategies discusses how to combine the power of business intelligence with the flexibility of mobile technologies.


    8. Get More Out Of InformationWeek

    Try InformationWeek's RSS Feed

    Discover all InformationWeek's sites and newsletters

    Recommend This Newsletter To A Friend
    Do you have friends or colleagues who might enjoy this newsletter? Please forward it to them and point out the subscription page.


    9. Manage Your Newsletter Subscription

    To unsubscribe from, subscribe to, or change your E-mail address for this newsletter, please visit the InformationWeek Subscription Center.

    Note: To change your E-mail address, please subscribe your new address and unsubscribe your old one.

    Keep Getting This Newsletter
    Don't let future editions of InformationWeek Daily go missing. Take a moment to add the newsletter's address to your anti-spam white list:
    InfoWeek@update.informationweek.com

    If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. Thanks.

    We take your privacy very seriously. Please review our Privacy Policy.

    InformationWeek Daily Newsletter
    A free service of InformationWeek and the TechWeb Network.
    Copyright (c) 2006 CMP Media LLC
    600 Community Drive
    Manhasset, N.Y. 11030
