Do You Want It Fast or Do You Want It Done Well?
I suppose this blog post will be of interest to people who work with computers (system administrators or just enthusiasts) :). The piece is in English, so the audience narrows, but I don't feel like sitting down to translate the article - it is very long :)
A week ago I downloaded Sunbelt Kerio Personal Firewall (ah, they bought it!) and subscribed to their newsletter. It turned out that the emails I get from them are quite valuable and interesting. Here is one article from the message I received today. I hope it will be at least as interesting to you as it was to me!
Do You Want it Fast or Do You Want it Right?
In past editorials, we've discussed the effects that our fast-moving high-tech world has had on us. One of those effects seems to be that, more than ever, people not only expect but demand instant gratification in everything we do. I catch myself doing it all the time.
After getting used to a 15Mbps Internet connection, I get impatient when a Web site loads slowly. Wading through layers of voice mail menus to try to get to a real, live human being when dealing with utility companies, government offices and retailers drives me nuts. Even product packaging seems designed specifically to thwart me. (Luckily, as a writer I'm able to work from home so I don't have to deal with daily commuter frustrations, but I certainly sympathize with those who do).
This "need for speed" sometimes blinds us to the wisdom of the old saying: You can get it done fast or you can get it done right, but you can't have both. Of course, there's a corollary that sometimes you CAN get it done both fast and right, but it won't be cheap. Yet today, many of us seem to think we should be able to get all three at once.
This is nowhere more evident than when it comes to software. We deride software companies for slipping on their projected ship dates, yet we turn around and criticize them for shipping software that still has bugs. We demand access to beta versions of software, then denounce those betas because they aren't yet "ready for prime time."
Now that security has become such a huge issue, software companies face an even bigger challenge. Thousands of hackers are working away every day to find ways to exploit operating systems, networking protocols, and applications. Legitimate security companies do the same thing, hoping to beat the bad guys to the punch. When a vulnerability is discovered, whether by a hacker or a security expert, the software vendor is then expected to come up with a fix. That's a reasonable expectation. What's not always reasonable is the expectation that the software vendor will have a fix available immediately.
It may have taken the security experts literally years after the release of the software to discover a way to exploit it, but many of them then label the software vendor as irresponsible or lazy if a patch isn't rushed out the door within a few days. Often, under the tremendous pressure of public opinion, this actually happens. Sometimes it takes longer. Sometimes the quickly released patches work great. Sometimes they don't.
Microsoft and other large software companies have a vested interest in seeing that security vulnerabilities in their products get fixed, but they also have a responsibility to those who use and depend on their products to get work done to "first, do no harm." That's why they have entire departments dedicated to responding to security incidents and reports of vulnerabilities, and set procedures for creating and testing patches before releasing them to the public. You can read about the Microsoft Security Response Center (MSRC) process for managing vulnerabilities at http://www.wxpnews.com/rd/rd.cfm?id=060110ED-MSRC. I personally know that there were a lot of people on that team who worked through the Christmas and New Year's holidays, when many of us were spending time with our families or out partying, to address various security issues that had come back over the holidays.
It's easy for us to criticize software companies (and we'll continue to do so when they do something that merits it, such as imposing customer-unfriendly licensing agreements). But as we begin a new year, I think it's a good time to acknowledge the long, tough hours of hard work that employees of those companies put in to bring us consumers and IT professionals the features that we ask for, and to respond to security concerns as quickly and effectively as they can and get those patches out quickly, and at no cost to us. In many cases, company employees could make much more money as consultants or critics, but they stay with the company and forego sleep and personal lives to bring us better software (not perfect software; there's no such thing). I salute them.
Let us know what you think. Should software companies keep testing until all the bugs are gone before releasing an operating system or application? Is that even possible? Would you be willing to pay twice as much if it takes the company twice as much time to completely debug a program? Or would you prefer to have new software released more quickly and have the bugs patched as they're discovered? Do you think, in general, the industry does a good job of responding to security issues and balancing quality with fast response? Would you prefer to get patches more quickly and take the risk of conflicts or should they be tested more thoroughly before being released? Let us know your opinions at feedback@wxpnews.com.