The news is absolutely full of stories about security failures, but
where are the stories about the "rugged" software? Turns out it's
easy to find vulnerabilities once you know how to look... it's like a
magic trick that's only interesting until you know the trick.

I find strong security far more interesting. Designing strong, simple,
easy-to-use security controls is challenging. Creating workflows that
simplify security-laced activities like registration, file-handling,
data-protection, etc... can be beautiful and elegant.

Our first project is to start to define what we mean by "rugged"
software. We'd like to build this through stories of software that is
"rugged" in some way. It's up to you to decide what stories are
appropriate. Can you think of a project, people, or technology that
impressed you as being "rugged"?

Personally, I thought what Wietse Venema did with Postfix was one of
the most Rugged things I've ever heard of. He took on the venerable
Sendmail at a time when it was responsible for most of the major
computer security problems to date. Instead of going with a monolithic
uber-privileged executable, he created a minimal and modular
collection of programs with minimal privilege.

Share your experience! You can reply to this thread with your
stories. Like Jim Collins did in "Good to Great," once we have these
stories, we can start to pull together the Rugged principles and
practices.

Thanks,
--Jeff