Skip to content

Commentary

Virgin on Business: C.S.I. Software

Given Volkswagen's deceit, how can we know when malicious code is being foisted upon us?

By Bill Virgin December 21, 2015

bill-cartoon-headshot_10_10

This article originally appeared in the January 2016 issue of Seattle magazine.

Tthe credibility of Volkswagen executives these days is about as low as that of a card sharp in an Old West poker game who has just deposited seven aces of varying suits onto the table.

Wha … wha … how did those get there?

They got there because he put them there, just as those lines of code designed to deceive emissions tests were deliberately put into the software of VWs diesel-powered vehicles. Software code neither spontaneously generates itself nor has artificial intelligence advanced to the point that on-board programs take it upon themselves to come up with ways to fake test results. Those aces and those lines of code were human enterprises.

The punishment for VWs transgressions will be far more expensive, if less draconian, than what likely happened to that hapless poker player. Some VW executives became ex-executives, sales and the stock price took hits, fines and lawsuit settlements could run to the billions, and not only is the companys reputation shot, but so is the credibility of diesel technology.

VWs debacle abounds with teachable moments. Heres an overlooked aspect that deserves more attention, particularly in this tech-intense region: We could be seeing the opening of a huge new growth opportunity, one that could generate thousands of jobs and millions in revenue as if the tech industry really needed another. Call it the rise of software forensics.

Much as one would wish to claim the coining of the term, someone else got there first. Theres even a Wikipedia entry for software forensics, noting that its used to determine if a problem created by software is intentional or carelessness.

Computer and internet security are already big and well-established fields, a focus of freestanding companies, operations within large tech companies, research organizations and government agencies, not to mention individuals and non-tech companies trying to protect their privacy, their finances, their intellectual property, anything that someone might have an interest in stealing or destroying.

But most of that focus is outward. To judge by news reports, by personal experience, even by the daily accumulation of digital crud in the email spam filter, on some days it seems half the traffic on the internet comes from thieves and marauders trying to break into computer networks or to get people to download malware and security breaches.

What about the lines of code that are there to start with, that are up to no good?

Microsoft Windows has about 50 million lines of code. That sounds like a lot, but its merely half the total that goes into a modern car.

The numbers are going to get larger as more software is crammed into everything and is counted on to do more. Imagine what the total is going to be when driverless cars hit the road.

Even if the total is a fraction of that, do you think any-one has taken the time to read all of them? If there were lines in there that shouldnt be, who would know?

Most of us wouldnt know what to look for even if we knew where to look or that we needed to look for something amiss. But somebody who has invested the time and effort to learn it will know, and those who do will find their services in great demand. Law firm or government agency investigators, for example, might be interested in finding lines of code buried in the software to do something naughty, and to trace whether such code was the work of a rogue employee or a deliberate strategy concocted by higher-ups.

So, parents, theres one more enticement to steer your young uns to study computer science. They could do well by doing good in ferreting out software threats coming from inside the security wall, or do well if not so laudably by learning how to keep those extra digital aces from making an appearance at
exactly the wrong moment.

Monthly columnist Bill Virgin is the founder and owner of Northwest Newsletter Group, which publishes Washington Manufacturing Alert and Pacific Northwest Rail News.

Microsoft Windows has about 50 million lines of code. That sounds like a lot, but its merely half the total that goes into a modern car.

The numbers are going to get larger as more software is crammed into everything and is counted on to do more. Imagine what the total is going to be when driverless cars hit the road.

Even if the total is a fraction of that, do you think any-one has taken the time to read all of them? If there were lines in there that shouldnt be, who would know?

Most of us wouldnt know what to look for even if we knew where to look or that we needed to look for something amiss. But somebody who has invested the time and effort to learn it will know, and those who do will find their services in great demand. Law firm or government agency investigators, for example, might be interested in finding lines of code buried in the software to do something naughty, and to trace whether such code was the work of a rogue employee or a deliberate strategy concocted by higher-ups.

So, parents, theres one more enticement to steer your young uns to study computer science. They could do well by doing good in ferreting out software threats coming from inside the security wall, or do well if not so laudably by learning how to keep those extra digital aces from making an appearance at
exactly the wrong moment.

Monthly columnist Bill Virgin is the founder and owner of Northwest Newsletter Group, which publishes Washington Manufacturing Alert and Pacific Northwest Rail News.

Follow Us