Wednesday, August 5, 2015

So your software can't be hacked? Lies! – Computerworld.nl

Behavioural scientists say that almost all people lie, and that it is often the little white lie told so as not to offend someone. There are roughly two types: the lie by commission, a deliberately misleading statement, and the lie by omission.

The latter is the difficult one, because you are telling the truth but leaving out a crucial detail that would put the whole story in a different light. As a father of four children, I know the lie by omission only too well. Here is a common scenario in information security that few people know about and that illustrates the lie by omission perfectly.



The ‘report’ about the code

I was recently invited to review a security product. Like many vendors, this one claimed that the product could not be hacked. To prove the claim, the software had been submitted to an "independent" security company with a good reputation, and the package had received that company's stamp of approval.

The reason: no programming errors had been found, and no attack vectors for hacking the product. The sales manager beamed as he presented this "fact" to the audience. So I asked him whether he would share the detailed report with me, and he was happy to. But what I got, as I had expected, was a one-page summary stating that an audit had found no bugs.



The sneaky secret

Most people would probably assume that this result means the code is free of bugs and cannot be hacked. Nothing could be further from the truth. The sales manager did not know this, but I had previously worked for the security company in question and had discovered its secret: they were telling the truth. But it was a lie by omission: they were holding back an important truth.

What these companies do not tell you is that the submitted product is reviewed twice. In the first review they find bugs and errors. The vendor is given these errors, fixes them, and submits the software for a second round. In that round the company reviews the code only cursorily, evaluating and testing the same items as before. The product is then declared bug-free. At the end of the ride, the vendor can officially state that the product has been found unhackable.



The outcome is already clear

Vendors know from the outset that the product will eventually be approved. After that they can sprinkle the "fact" around. But let this ring in your ears: no software is free of bugs, no matter what a report says, for various reasons.

First, the goal of most reviews of this type is a report stating that the software is error-free. If that is the objective, how could there be a different outcome? It hardly needs saying, but an objective of obtaining a flawless product obviously determines how thoroughly one looks.

Next time: what goes on behind the scenes, and how can we make sure our code is more secure?
