Wednesday, December 01, 2004

Paradox

Between work and school, it seems I never run out of things to be thinking about. Today we will re-visit one of my old favorites. Program Design.

An interesting paradox:
Create a secure application that is capable of preventing/identifying fraud.
We can’t tell you what you are to secure, and what holes there are in the design, as we wouldn’t want you to exploit them.

Yes, separation of duties is important.
Yes, confidentiality is also paramount to keeping public knowledge of vulnerabilities to a minimum.
But, if you can’t trust your development team, at least to help with the design, whom can you trust?

In a development team, where exactly are the barriers? How stiff should they be? Is there a hard and fast answer? Project management is a challenge; there are a lot of questions to be answered. This is perhaps one of the reasons that people working in information technology need to have a keen sense of personal ethics.

No comments: