Forgot your password?
typodupeerror
Security United States

Is Off-Shoring a National Security Threat? 319

Posted by timothy
from the never-buy-outside-your-zip-code dept.
An anonymous reader writes "Should the U.S. government hold developers more responsible for the quality of their code? One top cyber security analyst says more regulations would be a mistake. 'Any attempt to regulate software quality and security simply drives the software industry off-shore for good,' he says. 'Similarly, requiring trusted on-shore production ensures two things: (1) falling behind world progress as we aren't the only smart people and we are a minority, and (2) costs rise in a way that makes on-shore-mandated software cost-uncompetitive on the world market.'"
This discussion has been archived. No new comments can be posted.

Is Off-Shoring a National Security Threat?

Comments Filter:
  • by MrSavage (2127458) on Tuesday October 04, 2011 @11:09AM (#37599328)
    We should regulate off-shore produced code and push jobs back to the U.S. the same way we should apply tariffs to products made in China.
  • by Nadaka (224565) on Tuesday October 04, 2011 @11:25AM (#37599578)

    It isn't just secrecy. It is quality. In india, being a good programmer means getting promoted to management immediately. The only people left to code are those who are failures or newbies. As a result, the quality of code coming from overseas is crap and often broken. They often deliver completely broken code, or code that only works for a small subset of valid inputs, or that has terrible maintainability and performance. Every bit of that code you get back has to be thoroughly vetted and usually scrapped and rewritten from the ground up.

    So yes, it definitely increases risk.

  • by WCMI92 (592436) on Tuesday October 04, 2011 @11:31AM (#37599664) Homepage

    It's a threat that will eventually bring down every company that does it. It is a cheat, a dodge used to avoid paying market rate for wages while still depending on the market you are taking the jobs away from to remain strong enough to buy your product (which is likely too expensive to sell in the off shore market where you are underpaying for labor).

    Ergo: Every company that uses offshoring depends on EVERYONE ELSE to not do the same so that there is still a market for their product. Eventually everyone will offshore in order to not get undercut in price, to the point where Americans no longer make a wage sufficient to keep the economy afloat so that there is sufficient money in the economy to allow the purchase of the offshored product.

    In other words, it's ultimately a self-destructive strategy that will end in dragging down first world markets to third world economic levels. We may already be past that critical point, looking at the perpetual recession we are in.

  • by 0123456 (636235) on Tuesday October 04, 2011 @11:49AM (#37599898)

    Isn't that why GM was bailed out, to keep the industrial capacity in the US?

    You think that if GM had been broken up the Chinese would have packed up the factories and shipped them to China?

    GM was bailed out because Obama needs those union votes.

  • by ErichTheRed (39327) on Tuesday October 04, 2011 @12:01PM (#37600032)

    During the banking crisis, people in the US and the UK heard this a lot about the financial sector -- if you regulate them too much, they'll just move somewhere without regulations. I think there's some truth to that, but I can't imagine every company loves the idea of operating in a completely unregulated environment.

    One of the things I'm all for is professionalism in the IT world. Computers have been around for a long time, and now they're 100% vital to peoples' daily lives. It's time to start thinking about a couple of things:

    - Separating the design and deployment portions of the IT landscape

    - Making the design part a real branch of the engineering profession, with a set of educational standards

    - Making the deployment part a skilled trade, with the necessary apprenticeships and career progression to attract new hires

    Having a professional body would allow us to stand up to employers who demand that the schedule be crunched once again to meet an arbitrary date. No one tells a licensed PE who is liable for work they sign off on that they just lost a week of design time because someone said so...PEs are aware that they could lose their license or be sued out of existence. Currently, software isn't considered infrastructure, and so projects aren't run like bridge construction...they're arbitrary, and not grounded in reality.

    The problem is that the field of IT is very broad. You have systems guys like me, network guys, software developers, deployment experts, hardware engineers -- it's all over the map. One thing I don't like about the current state of our profession is a lack of training standards. We leave a lot of training up to vendors like Microsoft, Cisco, Oracle, IBM, etc. who have a vested interest in selling product and training a generation of newbies to use their technology. You also have a lot of independent IT people who have no desire to associate with a larger body of professionals, and wouldn't want the responsibility that professional status gives them. Even with the liability, I would be happy to be the equivalent of a PE because (a) I do good work, and (b) I'm well aware of what I don't know, and ask other professionals for help when needed. Other people in our field want nothing to do with this...they like the idea of being a cowboy coder or cowboy sysadmin and flying by the seat of their pants. Professionalism would also mean slowing down, realizing what works in terms of systems design, not trying to reinvent things every 6 months, etc. The laws of physics and properties of fluid dynamics don't change much -- techniques are introduced gradually in other branches of engineering. In our world, it's "new programming language", "new design pattern", "new OS", "new hardware design" every few years, and often it's just a rehash of what's come before.

    The other problem, and the one that this article addresses, is that other countries are probably not willing to commit to playing by the same rules if we adopted them. In fact, there would be a huge uptick in business at "Joe's Code Shack" because they would promise unreasonably short turnaround times and just throw labor at the problem. It's not really a national security issue -- the root cause is that no one is willing to pay for proper engineering work and they just want things faster and faster for less money.

    I think that a lot of specialized industries are starting to figure out what they can offshore and what just doesn't work when it comes back. I do systems integration work, and I have seen first-hand the disasters that come back from the "code monkeys" when there are no specs and bad oversight. It's not a cost savings if you have to hire a US contractor at 4x the rate of an FTE to wade through the mess and make it maintainable. One problem is that a lot of industries see IT is "grunt work" coding that people don't necessarily notice when it's done poorly. Anyone working for a large multinational who offshores development is probably well versed in things like internal web applications that crash

  • by bsDaemon (87307) on Tuesday October 04, 2011 @12:50PM (#37600822)

    The reason that Germany and Japan didn't win WW2, other than having Italy drag them down and open up another front of attack, is US industrial production. Before we entered the war, we were able to supply Britain and Russia. When we entered the war, we could out-produce everyone. Imagine if we were heavily dependent on China, Taiwan, etc for production of good back then? We'd be stuck -- not because we were at war with them, but because Japan was and had them cut off. You have to think about that, too. Anything that threatens your supply chain threatens you and will, eventually, lead to loss of life. That's just how it works,

  • by pixelpusher220 (529617) on Tuesday October 04, 2011 @12:57PM (#37600918)

    No, there shouldn't be any requirements for private businesses

    Yes we should let them utilize child labor because, hey, the market *knows* best.

    Tax Cuts for staying on shore are *exactly* the same as penalties for going offshore. Seriously, how is it any different? The latter means you have more revenue available. The former means you have less revenue available. That's not a plan forward that's a plan to spiral downward.

    the last decade has clearly shown that tax cuts do *not* stimulate the economy. If they did, why are we still in a recession? Why did we have the lowest job growth period in the last few decades during the time taxes were the lowest in 50 years?

    Corporate Tax cuts do *not* work. Stimulus on the other hand actively puts money into the economy. Tax cuts just put it in companies pockets and then you *hope* they spend it. We've seen they aren't spending it, so why give them more?

    Nobody is going to hire new workers until there is enough demand. It doesn't matter what the tax rate is. If there isn't enough demand, they'll just pocket that tax cut which doesn't help anyone and only adds to the deficit. Better to spend money on stimulus and get money circulating through the economy and creating demand.

  • by CrimsonAvenger (580665) on Tuesday October 04, 2011 @01:06PM (#37601040)

    They haven't net created job but have assuredly reduced job losses. The best estimate, is

    If they've "assuredly" reduced job losses, perhaps we wouldn't have to "estimate" how many were so saved.

    Alas, we can't do reproducable science here to find out - there's no way to "stimulate" the economy and "not stimulate" the same economy to see what really happens.

    That said, last I looked at the estimates for "jobs saved", almost all of them were state government jobs that wouldn't have been downsized anyway - the States would have just raised taxes or borrowed more to pay for them.

"Well hello there Charlie Brown, you blockhead." -- Lucy Van Pelt

Working...