Puzzle of the Day

A large software company has decided to develop a secure computer system. They have requested their top designers and programmers to create a viable design, and implement it. However, sensing a large market, the president of the company has asked that the product be completed as soon as possible without sacrificing quality. The marketing folks have been presenting the design of the system under development to major corporations and government agencies, all of whom have reacted enthusiastically. All have been promised a firm ship date.

To meet this date, the programmers must complete the product quickly so it can be tested. The programming is taking more time than was initially thought, and the testing time is being reduced to enable the product to be completed and shipped on time.

The president is beginning to get nervous about the quality of code and the design of the product. You are brought in as an independent consultant, and asked to check the work done so far, and if there are problems recommend changes. You check the design, which is clearly aimed at securing network communications, and then you check the code. There are no comments, and the code is not well modularized at all. When you speak with the programmers, they complain about pressure to write code quickly and the lack of time they feel they need.

  1. Given what you know from the above, what questions would you raise about the design of the secure system?
  2. What would you report as being the most serious impediment to getting this product out the door? In other words, what would your report identify as being the main security concerns here?

You can also see this document in its native format, in Postscript, in PDF, or in ASCII text.
Send email to cs153@csif.cs.ucdavis.edu.

Department of Computer Science
University of California at Davis
Davis, CA 95616-8562

Page last modified on 1/15/98