Fairly Symmetrical
Cost-benefit analysis? What's that?
09/08/2003
So apparently the author of the SoBig worm is performing some kind of experiment—ostensibly to find out what the ideal conditions for a worm release are. (Details in the Star Tribune.) Exciting times ahead for the internet, no doubt; maybe people will slowly figure out why firewalls are good things. (I note that Microsoft is starting to ship XP with the built-in firewall enabled by default, which is something they really ought to have been doing before.)
Anyway, this quote really irritates me:
"NASA has virtually defect-free software," said Paul Saffo, director at the Institute for the Future in Menlo Park, Calif. "Why doesn't Microsoft achieve that same level of software? Because they think they don't have to and because everyone is rushing to introduce the shiniest bell and loudest whistle."
Maybe it's because when NASA has a software crash, billion-dollar pieces of equipment and actual human lives are at stake. Similar realities govern the development of software that goes into aircraft avionics etc. The people who write these kinds of software spend exorbitant amounts of money on testing and bugfixing, because the consequences of not doing so are unacceptable. If NASA has to spend a billion dollars to make sure the Space Shuttle computers are bug-free, they will.
In contrast, Microsoft's software isn't quite as vital. If Word crashes, nobody's going to die. It doesn't make any sense for them to spend billions on software QA, because nobody would be willing to pay for the software then. People would buy the much-cheaper (and correspondingly buggier) competitors. For those people who do need that kind of assurance, they spend the money to secure their own systems; firewalls, authentication, separation of services. If it's worth the cost, you do it; if not, you don't. It's that simple. If cost were no object and security/stability were the only criteria, everyone would still be running VMS or heavy-duty Unix on VAXen. As that's not the case, obviously most of the world has very different priorities.
Also on NASA's side is that their platform is very stable. Last I heard, the Shuttle was still running 386's and maybe 486's—1990-era computers. They've had years and years to get the bugs out. By comparison, MS has to support all the latest processors, peripherals, and services. They can't wait 5-6 years to get their software rock-solid; they'd be out of business before that happened.
This work is licensed under a Creative Commons License.
Leave a comment