[86490] in North American Network Operators' Group
Re: Networking Pearl Harbor in the Making
daemon@ATHENA.MIT.EDU (Christian Kuhtz)
Mon Nov 7 12:40:11 2005
In-Reply-To: <Pine.NEB.4.63.0511071213360.18874@server.duh.org>
From: Christian Kuhtz <kuhtzch@corp.earthlink.net>
Date: Mon, 7 Nov 2005 12:39:31 -0500
To: nanog@nanog.org
Errors-To: owner-nanog@merit.edu
On Nov 7, 2005, at 12:16 PM, Todd Vierling wrote:
> On Mon, 7 Nov 2005, Christian Kuhtz wrote:
>
>>> How so? Haven't we recently seen an across the board bug in
>>> multiple versions of $vendor code?
>>
>> And that's evidence of what other than nobody is willing to pay for what it
>> takes to get better code out of $vendor?
>>
>> Code can be built better. It just isn't always economical to do so.
>
> In some business models.
>
> Financial reports regularly hint that $vendor has margins far exceeding the
> costs necessary to clean up security-critical code. When the aggregate
> margins drop thanks to folks choosing $vendor2 because $vendor has decided
> to let security flaws stew, it's time for $vendor to reevaluate that
> business model -- at least a little.

Apparently they're still in business, and they're making money, and
that means people are still buying their stuff. And as long as
that's true, nothing will change. Correlating margins over a very
large product range with bugs specifically in service provider gear
is problematic in my opinion. Apples v Oranges. Whatever, it really
doesn't matter.

Reliability should be engineered by the SP, not exclusively expected
from any one vendor. And you can improve reliability by using the same
devices in a particular fashion, not just by using different devices,
which was my whole point about calculating reliability in the first
place.

Thanks,
Christian