[Discuss] Port Scanning

Rich Pieri richard.pieri at gmail.com
Tue Aug 6 07:52:46 EDT 2024


On Tue, 6 Aug 2024 00:31:39 -0400
Bill Bogstad <bogstad at pobox.com> wrote:

> Did I say that I wanted perfection?  In text that you removed, I

No. Kent was suggesting that. I'm sorry that I conflated your and their
arguments. Because you and I are in vehement agreement.


> programs by something like 5-10%.   Does anybody do this?, not as far
> as I know.  Our priorities seem to be organized into something like

The Rust language is an example of people doing exactly this. It's
good, not perfect, but much better than C. And when optimized well, it
can perform on par with or better than C.

> this:   time to market, features, performance, pretty UIs, price (i.e.
> development cost), .......... , security.  We would have a whole lot
> fewer moles to whack if we changed our tools.   I would argue that we
> would probably improve debugging (development) costs as well because
> bugs would be found and fixed a lot more easily.   To be fair, it

I agree. To borrow from the Kent side of this discussion, complexity is
not the worst enemy of security. Time is. Learning new programming
languages and techniques takes time, more time in the short term than
doing things the way we always have. Time and money would definitely be
saved in the long term by being better at writing code, but we're in a
world where tomorrow doesn't matter to investors and C-suite
executives. They want their profits immediately and with the fewest
expenses possible. Things could definitely be better but I fear things
will have to get much worse before the costs of security failures begin
to outweigh the short-term profits that investors demand.

-- 
\m/ (--) \m/

