Bob Beck wrote:

<snip>

>
> The simple fact is most of the MS/PHP/JAVA web development will be
> being done by code monkeys, fresh out of school.. I'm pretty certain
> they will "inbug" the same average number of bugs per line of code
> they write no matter what platform it is. Development is often
> outsourced to an external coding haus, written to a spec, without
> complete info about what the whole final application is going to do.
> Frequently they don't even reuse "mature" code from past releases
> because you don't want to release it to the external people, or you're
> too busy chasing platform-du-jour (Want a great example of this? I'm
> betting Sun One, going from version 5 to version 6 is a good one)

<rant>
This is truer than you know. I've been writing code since 1974, and I
see the same mistakes being made over and over and over and over . . .
again. Just as in wars, it seems that every generation is destined to
make the mistakes that their elders made. There is no industry-wide
repository of "Lessons Learned." Each generation is left to make the
same mistakes over and over. If one were to do a root-cause analysis,
what would one find? Programming courses teach grammar and syntax.
They do not teach "safe programming." (Except Crispin and Dave, of
course . . .) Programming managers are programmers who grew up and
decided they'd had enough of the 80-hour weeks and wanted to become
managers. They don't know/care, either. It's only when the "powers
that be" decide that it's better business to deliver bug-free, secure
code than shipping mostly-working code out the door that things will
change. Wanna take a bet on how long that'll be?
</rant>

Apologies. Usually this rant appears on firewall wizards or dshield . .
. Just happened to be bugtraq this time

/g
--
George Capehart

PGP KeyID: 0xDD7034EA

"Sometimes you're the windshield, sometimes you're the bug."
-- Mark Knofler

[ reply ]