Off-Shore Engineering
Liberty Young
plug-discuss@lists.plug.phoenix.az.us
13 Mar 2003 09:32:03 -0700
On Thu, 2003-03-13 at 05:41, G.D.Thurman wrote:
> On 12 Mar 2003, David Mandala wrote:
>
> > Since their quality can be outstanding that is going to be hard.
> > American Express is now more then 75% sourced in India where they have
> > PhD programmers getting and happy with $7 per hour.
> >
> If company Foo outsources computing work to
> company Bar, then what about Homeland Security?
> [It doesn't matter what country Bar is headquartered
> because allies are not necessarily trustworthy.]
>
> Does the following happen? Foo outsources work to Bar
> and accepts/uses an executable in lieu of source code.
>
> Even if Foo receives code and builds the executable,
> how extensively does Foo review the code?
>
> Can the computing profession argue against some
> outsourcing practices based on Homeland Security?
>
> Thurman
I've had this discussion with my parents. The main point forgotten is
that we've been doing this for YEARS now; in fact, it is how we've
gotten ourselves into adolescent global economy.
If we are THAT worried about off-shore outsourced threats in our
software, then we should also be worried about off-shore outsourced
threats in our manufactured goods.
Just how hard is it for a Korean, Chinese, or Indian semiconductor plant
to take the designs of a chip, introduce some backdoor, or worse, a
FLAW, into the production run a three months after it's had a chance to
saturate the market?
Remember the dollars lost when Firestone produced a faulty batch of
tires installed on a popular S.U.V. ? In addition to the dollars lost,
the US people lost faith in both companies, which means we don't buy
their product, and thus more jobs and dollars are lost.
The fact is, we _do_not_ inspect every piece of car manufactured
overseas; we don't do the same for semiconductors, we don't do the same
for tires, etc. etc.
So why should we give Special attention to software?
No, the threat has always been there; if you want to horde the software
jobs, that's one thing. But the sad fact of the matter is that the big
firms are treating the manufacture of software the same way they treat
the manufacture of clothes.
If you want to inspect every piece of code imported into the US, then i
ask you inspect every logic gate of a chip, every brake of a car, every
tire, and every stitch of clothing.