RE: secprog Digest 18 Nov 2002 18:35:57 -0000 Issue 113
There are programmers out there who are professionals and will use best
practices and produce great code. Then there are the average programmers,
who out of ignorance and/or laziness will continue to provide the bare
necessity to keep the pointy-haired manager off their back. For a product
to fail, it only takes one average programmer to screw up a product. BTW,
how does a pointy-haired manager tell who's average and who's professional
when they are hiring? Certifications, yah right.
George has got it right for reality. So how do the caring professionals fix
the real problems to making better code? A couple of suggestions (the first
2 can be accomplished on an individual level):
- Through personal development. Each person should strive to continue
learning better ways of doing your job.
- Through mentoring the less experienced. Most of you on the list know what
should be done; try to instill the same concepts in your teams.
- Support legislative efforts to make companies responsible for the code
that they produce. Legal liabilities can be just as strong or stronger in
incentivizing a company to do the right thing.
- Try to get your company interested in the Software Engineering
Institute's Capability Maturity Model (SEI CMM). The target would be to
produce the right product on time and in budget.
- Support ethical hacking. We've seen many companies at least start to
acknowledge that they have a problem through the efforts of external hacking
and vulnerability testing. This is the part where consumers start to get
educated because of the bad press.
- Join ACM and IEEE and try to push for more professional standards in
software development.
My .02 Euro (Now worth more than .02 US cents)
Ron Ogle
Rennes, France
> -----Original Message-----
> From: George Capehart [mailto:gwc@capehassoc.com]
> Sent: Saturday, November 23, 2002 01:17 AM
> To: David Wheeler
> Cc: secprog@securityfocus.com
> Subject: Re: secprog Digest 18 Nov 2002 18:35:57 -0000 Issue 113
>
>
> David Wheeler wrote:
.....
> Based on the preceding two paragraphs, it would be easy to "blame" the
Received on Tue Nov 26 20:30:11 2002
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:44 EDT