Monthly Archives: June 2012

Assorted Links (Comp. Security)

Leave a reply
    1. German Federal Government intelligence agencies can decrypt PGP (German)
    2. Breakthrough silicon scanning discovers backdoor in military chip and Rutkowska’s essay on Trusting Hardware
    3. A closer look into the RSA SecureID software token
    4. Off-Path TCP Sequence Number Inference Attack
    5. Fixing SSL: the Trustworthy Internet Movement
    6. Alan Turing’s Wartime Research Papers: Statistics of Repetitions and On the Applications of Probability to Cryptography

Software as a By-Product of Organizations and their Processes

Leave a reply

The architecture of a software product and its underlying infrastructure is not totally determined by its intended functionality, but it tends to Confusion of Tonguesmirror the structure of the organization in which it is developed (mirroring hypothesis): this effect is so strong that an order of magnitude in component modularity is observed between the software made within tightly coupled and distributed development teams, consistent with the view that distributed teams tend to develop more modular products. That is, the ultimate software architecture is just a copycat of the communication structures of the organizations and their interactions, reflecting the quality and nature of the real-world interpersonal communications between the teams in its various degrees of integration: having a common and clear mission, their physical closeness and possessing formal authority over others to control development.

So be it, software created by distributed teams with misaligned incentives under the routine of design by committee will only give rise to wars of specifications. Human nature being what it is, will generate power-plays in the distribution of information impacting product quality, as the structure of a system tends to reflect the power relationships and status of the people and organizations involved.

The process of software design rests on a shared mental process between the software developers: the search space of its architecture is constrained by the nature of the organization within which this search happens. In closed systems, it’s widely but wrongly believed that the designs are highly modular: on the contrary, dependency density and propagation costs run high, and project schedules fall apart during component integration, specially due to the indirect system dependencies.

In the largest study to date to the arguably largest and most successful codebase in the world, the Windows operating system, it was found that organizational structure metrics were better predictors for classifying failure-prone binaries that other models using traditional metrics of code churn, code complexity, code coverage, code dependencies and pre-release defect measures. Hence, as much though is ironically given to software architecture, it turns out that a well-planned organization with the proper checks and balances is the key to reduce the amount of communication and coördination necessary for the success of software projects. And then, and only then, trust and the willingness to communicate openly and effectively, shall follow.

As it turns out, Conway’s Law, the old adage commonly invoked in Computer Science to sum up these ideas, is but a version of a much older story, the techno-reenactment of the Tower of Babel (Genesis 11:1–9).