My graduate professor at Johns Hopkins once told me that software engineering, when compared with civil engineering as a discipline, had progressed no further than the discovery of the right angle. He explained further that there is no silver bullet or panacea available to perfect the "art" of software engineering; rather, it requires a methodology and a process to be successful. Various authorities, including Carnegie Mellon's Software Engineering Institute, agree that the software process model dramatically improves productivity, effectiveness and overall return on investment. Advancements in software engineering development have come about mainly as a result of the introduction of the software process model, or software lifecycle.

Network security engineers, following in the wake of software engineers, are scrambling to find their own silver bullet to provide solutions in the network security world. Much like software engineers of old, who mistakenly felt that reusable software and object-oriented design were universal solutions, security engineers are now using firewalls, PKI, smart cards, Kerberos, and intrusion detection tools as universal remedies. They too will learn that network security engineering ultimately requires a process to be effective and complete. Without this process, these perceived solutions are simply patches on the armor of a secure network and not a true defense.

The link for this article located at SecurityFocus is no longer available.