Puzzle of the Day
A large software company has decided to develop a secure computer
system. They have requested their top designers and programmers to
create a viable design, and implement it. However, sensing a large
market, the president of the company has asked that the product be
completed as soon as possible without sacrificing quality. The
marketing folks have been presenting the design of the system under
development to major corporations and government agencies, all of whom
have reacted enthusiastically. All have been promised a firm ship
To meet this date, the programmers must complete the product quickly so
it can be tested. The programming is taking more time than was
initially thought, and the testing time is being reduced to enable the
product to be completed and shipped on time.
The president is beginning to get nervous about the quality of code and
the design of the product. You are brought in as an independent
consultant, and asked to check the work done so far, and if there are
problems recommend changes. You check the design, which is clearly
aimed at securing network communications, and then you check the code.
There are no comments, and the code is not well modularized at all.
When you speak with the programmers, they complain about pressure to
write code quickly and the lack of time they feel they need.
Given what you know from the above, what questions would you raise
about the design of the secure system?
What would you report as being the most serious impediment to getting
this product out the door? In other words, what would your report
identify as being the main security concerns here?
You can also see this document as a
Binhex Framemaker version 5 document,
plain ASCII text document.
Send email to
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 1/23/97