Ray Herring (11/2/2015)
"but I also truly believe that the pressures of getting software released overwhelm the concerns and dangers that exist overall."
You can talk about "the idiots that design" or "trusting to the good will" or government conspiracy or whatever Machiavellian reason you care to, but Steve identified the issue in his excellent editorial.
...I have never, not ever, sat in a preliminary design meeting, project status meeting, or delivery meeting where management was interested in delaying the start or finish of a project to ensure security, reliability, etc. goals were met....
The closest I have come were discussions of which bugs had to be fixed in a given delivery but the bugs rarely concerned security or even performance issues.
Nice. I agree with your points, but I'll stick by what I said. At no point did I disparage "all designers" or "all developers". I called out a select few idiots because what they did was clearly idiotic. The only one with any reason to take offense to that would be the idiots alluded to in the post.
Let's look at what I actually said.
"auto companies need to be held responsible for the idiots that designed systems that would allow someone to control your vehicle through the radio."
This sentence clearly puts the blame on management. Whenever someone says a company needs to be held responsible, they are referring to management.
Also, "designed systems that would allow someone to control your vehicle through the radio" clearly calls out the "idiots" as idiots, because, well, how much of an idiot do you need to be to design something that poorly? I would love to hear one of those idiots, I mean engineers, argue that the design was due to pressure from above to do it quicker; I imagine we would have weeks of laughs on various social media sites!
They designed a system that is part of a 2-ton killing machine, that allows anyone with Bluetooth access to take control of said killing machine remotely, without authorization, without any frickin security at all, and which allows that person to have complete unhindered control of the machine!
I think that is about as bad as the idiots who designed and shipped UAVs without any security WHATSOEVER, that allowed people anywhere to access them. Nah, an automobile can be controlled by anyone who wants to murder, rape and rob innocent people anywhere. As bad as allowing anyone to view the remote feed from a UAV is, I think the auto example is far worse.
I am sorry, but there is a huge difference between a bug that wasn't caught due to time constraints, and what is possibly the worst design decision of any software in the history of man.