Programmers Learn to Check Code Earlier for Holes

Carl Bialik from WSJ writes "Many companies are teaching programmers to write safer code and test their security as software is built, not afterward, the Wall Street Journal reports. This stands in contrast to an earlier ethos to rush to beat rivals with new software, and, of course, brings tradeoffs: 'Revamping the software-development process creates a Catch 22: being more careful can mean missing deadlines.' The WSJ focuses on RIM and Herb Little, its security director, who 'uses Coverity every night to scan the code turned in by engineers. The tool sends Mr. Little an email listing potential red flags. He figures out which problems are real and tracks down each offending programmer, who has to fix the flaw before moving on. Mr. Little has also ramped up security training and requires programmers to double-check each others' code more regularly.'"

This just in:

[r_jensen11]

Writers are encouraged to proofread.

QA is.....

[Wisp]

The new Black!

Slippery slope

[metamatic]

Jeez, next thing programmers will be expected to document their code.

What will the XP weenies do then?

Ain't gonna last

[FiveDollarYoBet]

Those aren't security holes.... They're undocumented network transfer features!

It sounds good and all but there's a direct correlation between the deadline and how bullet proof the code is.

insert sig here

That's why...

[GillBates0]

I always make sure I use the highest quality bits when I program. You'll find none of those low-quality, flimsy and occasionally perforated bits in my code.

Agreed, periodic checking for holes has it's own value, but nothing beats using the best quality, industrial-strength (tm) bits to start with, moreso while developing reliable software in the post-911 world.

This Just In From Microsoft

[Metabolife]

After taking this training routine, Microsoft says that Vista will be delayed another 2 years.

Or, ...

[UbuntuDupe]

to paraphrase Oscar Wilde: Anyone who doesn't have enough time to do it right, has enough time to do it again.

Obligatory Fight Club

[Weaselmancer]

Narrator: A new program written by my company is shipped on time, but with bugs. The network stack locks up. The OS crashes and burns and scrambles the hard drive. Now, should we initiate a code review? Take the number of licenses in the field, A, multiply by the probable rate of failure, B, multiply by the average out-of-court settlement, C. A times B times C equals X. If X is less than the cost of a code review, we don't do one.
Business woman on plane: Are there a lot of these kinds of bugs?
Narrator: You wouldn't believe.
Business woman on plane: Which software company do you work for?
Narrator: A major one.

Re:This just in:

[orielbean]

This just in after that : Business models sacrifice quality for speedy delivery of product. :-)

Re:Wow. A 'Developer' article

[wickedj]

"Some parts of XP are fine."

Yes, I believe they've pretty much got Solitaire down.