Slashdot Mirror


Programmers Learn to Check Code Earlier for Holes

Carl Bialik from WSJ writes "Many companies are teaching programmers to write safer code and test their security as software is built, not afterward, the Wall Street Journal reports. This stands in contrast to an earlier ethos to rush to beat rivals with new software, and, of course, brings tradeoffs: 'Revamping the software-development process creates a Catch 22: being more careful can mean missing deadlines.' The WSJ focuses on RIM and Herb Little, its security director, who 'uses Coverity every night to scan the code turned in by engineers. The tool sends Mr. Little an email listing potential red flags. He figures out which problems are real and tracks down each offending programmer, who has to fix the flaw before moving on. Mr. Little has also ramped up security training and requires programmers to double-check each others' code more regularly.'"

10 of 212 comments

  1. This just in: by r_jensen11 · Score: 5, Funny

    Writers are encouraged to proofread.

    1. Re:This just in: by orielbean · Score: 2, Funny

      This just in after that: Business models sacrifice quality for speedy delivery of product. :-)

  2. QA is..... by Wisp · Score: 3, Funny

    The new Black!

  3. Slippery slope by metamatic · Score: 3, Funny

    Jeez, next thing programmers will be expected to document their code.

    What will the XP weenies do then?

    --
    GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak

  4. Ain't gonna last by FiveDollarYoBet · Score: 5, Funny

    Those aren't security holes.... They're undocumented network transfer features!

    It sounds good and all, but there's a direct correlation between the deadline and how bulletproof the code is.

    insert sig here

  5. That's why... by GillBates0 · Score: 5, Funny

    I always make sure I use the highest quality bits when I program. You'll find none of those low-quality, flimsy and occasionally perforated bits in my code.

    Agreed, periodic checking for holes has its own value, but nothing beats using the best quality, industrial-strength (tm) bits to start with, more so while developing reliable software in the post-9/11 world.

    --
    An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam

  6. This Just In From Microsoft by Metabolife · Score: 4, Funny

    After taking this training routine, Microsoft says that Vista will be delayed another 2 years.

  7. Or, ... by UbuntuDupe · Score: 2, Funny

    to paraphrase Oscar Wilde: Anyone who doesn't have enough time to do it right, has enough time to do it again.

  8. Obligatory Fight Club by Weaselmancer · Score: 3, Funny

    Narrator: A new program written by my company is shipped on time, but with bugs. The network stack locks up. The OS crashes and burns and scrambles the hard drive. Now, should we initiate a code review? Take the number of licenses in the field, A, multiply by the probable rate of failure, B, multiply by the average out-of-court settlement, C. A times B times C equals X. If X is less than the cost of a code review, we don't do one.
    Business woman on plane: Are there a lot of these kinds of bugs?
    Narrator: You wouldn't believe.
    Business woman on plane: Which software company do you work for?
    Narrator: A major one.

    --
    Weaselmancer
    ridiculous.

  9. Re:Wow. A 'Developer' article by wickedj · Score: 2, Funny

    "Some parts of XP are fine."

    Yes, I believe they've pretty much got Solitaire down.