Working Up

by Dwayne Phillips

If it has software, it can be hacked, i.e., it is not secure. Sorry to write that, but I can’t find any way around it.

What a wonderful world. We have computers everywhere. Those computers all run software, which is nothing more than instructions written by persons. And all those persons have at least one common trait:

All those persons are imperfect.

Okay, now we have that out of the way, let’s move on.

In my daily viewing of the Internet, I often write the phrase Is everyone ready for national electronic health records? I write that phrase after noting some big security problem that has been noted somewhere on the Internet. Hackers have uncovered thousands of credit card numbers or thousands of email passwords or thousands of other pieces of information that people would rather the hackers not uncover.

Why can’t these systems be hacker proof? Why can’t we write software that is iron clad secure? Look back up a few paragraphs:

• software is written by persons
• all those persons are imperfect

You see, persons try to write secure software, but…

And then note this from a while back:

…it takes about 125 lines of code to create the typical piece of malware and it takes about 10 million lines of code to create sophisticated technologies to protect against it.

Which is easier to do, write 125 lines of code or 10 million lines of code? Which is more likely to have fewer errors?

Get the picture? Next time some politician promises that all those health records that will be online will be secure, mention this and about ten thousand other blogs that explain why those national electronic health records will not be secure.