Tuesday, June 22, 2010


- Code is a set of rules, principles or laws.
- Code is a representation of information or the system for transmitting messages with brevity/secrecy.
- Code in computing terms is a set of instructions that process data (the data itself ending up as a form of code too). At its lowest layers code becomes signals or patterns of electrical current or light travelling from one point to another.

Note: These descriptions are logical frameworks within which an entity operates. They are not natural laws and more often than not can be broken.

Code is used in many facets of modern human life and in many cases controls our financial, utilities, transport and telecommunications systems globally.

What is a node?
Pretty much everything in this universe can be described as part of a greater interdependent system at one scale or another. In Information Technology a node is a representation of an entity in a system. The node can be an intersection point, a discrete entity in itself or an aggregate of components (including other nodes) which have been grouped together based upon shared attributes or functions.

When any node in a system runs software (i.e. code) it may perform and/or offer local or remote services. The service is dependent upon message passing across a medium from point A to point B. This message passing or signaling occurs on top of many predefined layers. Each medium and layer has rules for message passing and interpretation, called protocols. The robustness of the code at each layer and its ability to handle exceptions come into question at times of failure or unexpected input. Accordingly, other similar nodes or code may be affected if vulnerable to the same set of conditions. At different abstraction layers there is generally tight coupling (i.e. a rigid dependence upon other components in the system). The robustness of a system or service is then predicated on how it handles exceptions, failures, unexpected circumstances or changes in its operating environment.

Who or what controls the inputs, processes and outputs of code?
Who or what dictates the command and control channels for certain services and signaling between layers?
Who governs the use of code, the maintenance and the life cycle thereof?

Does the code:
- perform the required functionality?
- fail gracefully and signal as such?
- handle unexpected inputs and conditions?
- prove suitable to the environment where it is deployed?
- operate within certain pre-defined tolerances?
- withstand sentient attackers (does it have to)?
- prove defensible over time?

What and where are the interfaces between local/foreign code or code and humans?
Can the humans inject possible weaknesses or inflict damage to the system?

When one looks at computing resources connected directly or indirectly to a global or local network there are many potential vectors for attack or failure modes to be accounted for. Fancy a nibble or a byte from a Smörgåsbord of code?

If there is one thing that's constant, it's change. IT is about managing change.
People, process and technology are constantly changing but where does that leave the code and previous "point in time" testing? I am going to start arguing for "feature viscosity" and massive warning lists of caveats for "unintended use" as part of End User License Agreements.

Note: There is no globally recognised certification for software engineering akin to other professional trades and there is no line in the sand when the tide keeps changing.

SEI Certification (http://www.sei.cmu.edu/certification/) and FIPS (http://en.wikipedia.org/wiki/FIPS_140) / CC (http://en.wikipedia.org/wiki/Common_Criteria) don't count.
