Code it
4.6K views | +0 today
Follow
Code it
This is a curated resource for programmers and software architects. It is regularly updated with Articles, Hacks, How Tos, Examples and Code.
Curated by nrip
Your new post is loading...
Your new post is loading...
Scooped by nrip
Scoop.it!

Why Software Security Is a Skill All Programmers Should Have

Why Software Security Is a Skill All Programmers Should Have | Code it | Scoop.it
From www.makeuseof.com - June 22, 2021 1:41 AM

As a programmer or developer, the importance of creating secure applications cannot be overstated.

 

Software security deals with the management of malicious attacks by identifying potential vulnerabilities in software and taking the necessary precautions to guard against them.

 

Software can never be 100% secure because a developer can overlook a bug, create new bugs in an attempt to fix existing cases, or create new vulnerabilities through updates.

 

However, there’re two key practices that all software developers can employ to ensure that they create secure software

---

  • writing secure code in the first place, and
  • efficiently testing your code.

 

Software Security Is a Crucial Skill For All Developers

Developing good software is synonymous with ensuring that your software can withstand any malicious attack. This is only achievable through the writing of secure code, the continual testing of an application, and maintaining control of who has access to your data.

 

 

read more at

https://www.makeuseof.com/software-security-skill-all-programmers-should-have/

 

more...
No comment yet.
Sign up to comment
Scooped by nrip
Scoop.it!

Creating an effective bug report

Creating an effective bug report | Code it | Scoop.it
From www.duncanmackenzie.net - June 20, 2021 1:10 AM
Providing clear steps to reproduce an issue is a benefit for everyone

 

When I’ve had to contact a company’s technical support through a form, I provide a ridiculously detailed description of what the issue is, when it happens, the specific troubleshooting that narrows it down, and (if it is allowed by the form) screenshots. I suspect the people on the other end aren’t used to that, because I know it is not what happens most of the time when people submit issues to me.

What’s the benefit of an effective bug report?

There are two sides to this, one is the efficiency of the interaction between the bug reporter and the (hopeful) bug fixer and the other is the actual likelihood that the issue will ever be fixed.

 

Why do we need “repro steps”?

The first part of fixing a problem is to make sure you understand it and can see it in action. If you can’t see the problem happen consistently, you can’t be sure you’ve fixed it. This is not a software development concept; it is true with nearly everything. If someone tells me the faucet is dripping, I’m going to want to see the drip happening before I try to fix it… then when I look and see it not dripping, I can feel confident that I resolved the problem.

 

Is it possible to provide too much information?

I’d rather have too much detail than too little, but I also feel that the bug reporter shouldn’t be expected to try to track down every possible variable or to try to fix the problem.

 

Human Nature and Incomplete Issues

I mentioned two sides to this, the efficiency of interaction and the likelihood an issue will be fixed. If you assume someone will ask for all the missing info, even if it takes a lot longer, then the only benefit to a complete bug report is efficiency. In reality though, developers are human, and when they see an incomplete issue where it could take many back-and-forth conversations to get the details they need, they will avoid it in favor of one that they can pick up and work on right now with no delay. Your issue, which could be more important than anything else in the queue, could end up being ignored because it is unclear.

 

A detailed bug report, with clear repro steps, is a win for everyone.

 

read this entire unedited super post at https://www.duncanmackenzie.net/blog/creating-an-effective-bug-report/

 

 

nrip's insight:
  • A detailed bug report, with clear repro steps, is a win for everyone.
  • Too many details is not bad.
  • Getting something not working as expected fixed for good is worth the extra effort
more...
No comment yet.
Sign up to comment
Scooped by nrip
Scoop.it!

The Psychological Reasons for Software Project Failures

The Psychological Reasons for Software Project Failures | Code it | Scoop.it
From www.codeproject.com - June 20, 2021 4:16 PM
This is an opinion article about the state of affairs in the software engineering field. It discusses the real challenge and the real duty of a programmer. It divides programmers into four categories: Intelligent, Bandits, Helpless and Stupid with two additional categories of Naive and Ignorant. It talks about how a programmer must be familiar with a particular domain is not only able to code but actually to create solutions. And it touches on the failure of agile software development.
 
 

Failure of software projects defined as a miss of deadlines, budget overrun, missed functionality and malfunction is prevalent in the software industry. A lot has been written about the reasons for this situation, blaming unrealistic project goals, inaccurate estimates of needed resources, badly defined requirements, poor reporting, unmanaged risks, poor communication, immature technology, sloppy development practices, poor project management, stakeholder politics or commercial pressure. Most of these put weight on the management side of the development process, properly identifying it as a cause of these failures. In my opinion, which is based on years of observation, there is another factor of this misery almost totally overlooked or intentionally omitted – programmers themselves.

 

“Smart” Programmers

The common belief among society in general and among programmer society as well is that “programmers are smart”, that they recruit from the most intelligent part of the society. I believe that this is based on a false assumption that programming a machine is difficult. I dare to disagree with this assumption as in reality, writing code is no more difficult than writing a proper culinary recipe

 

The Nature of Challenge

Coding is not a challenge. In fact, code is the last thing anybody is willing to pay for (though, ironically, it is the most important thing that gets produced in the end). The real challenge, and the real duty of a programmer, is solving problems that customers face, most likely with code but not necessarily. These problems are usually only partially “technical”, often sociological, often complex, often wicked. As problem complexity grows, the required effort, intelligence, knowledge, and dedication to solve it grow as well, sometimes exponentially. Recognizing complexity, confining it and minimizing it is the ultimate goal of a programmer. This raises the bar so high that an average person might fail to present the sufficient personal qualities required for the job, and turn out to be relatively stupid.

 

As David Parnas states: “I have heard people proudly claim that they have built lots of large complex systems. I try to remind them that the job could have been done by a small simple system if they had spent more time on "front-end" design. Large size and complexity should not be viewed as a goal.

 

The 4 + 2 Model

It is necessary to unambiguously define stupidity in the context of programming.

“A stupid programmer is the one that puts complexity to a software product that negatively impacts other programmers, customers or a whole company while achieving no gain from this fact and even possibly negatively impacting oneself”.

By putting complexity, I mean either failing to reduce the inherent complexity of the problem being solved with software, by using so-called “brute force” solutions or actually introducing of accidental (usually technical) complexity, that could be avoided if more thought and care was given to the solution.

By negative impact, I understand the increased workload, reduced efficiency, and higher cost.

 

The Great Misunderstanding

Programmers are technology-oriented. They get attracted to computing because of their technological bias. Their job though is not to write code as they often think, their job is not even creating software. Their job is to solve customers’ problems and software is just one of the means to do it. Sadly, seldom do they manage to understand this.

 

A Bitter Pill

I found this enlightening quote from David Parnas:

The most often-overlooked risk in software engineering is ‘incompetent programmers’. There are estimates that the number of programmers needed in the U.S. exceeds 200,000. This is entirely misleading. It is not a quantity problem; we have a quality problem. One bad programmer can easily create two new jobs a year. Hiring more bad programmers will just increase our perceived need for them. If we had more good programmers, and could easily identify them, we would need fewer, not more.”

If the project is late, it is better to fire bad programmers than to hire more of them. At least, they will not get in the way of good ones.

 

one of the best articles I have read on CodeProject ever. I read it 4 times over the past month and made every lead in the mid-level software management team read it too... read more at https://www.codeproject.com/Articles/5061258/The-Psychological-Reasons-for-Software-Project-Fai

 

nrip's insight:

Not firing programmers is a major problem. It created an acute problem, the actual acceptance of responsibility. There is no sense of accountability in the software industry.

 

Actors get fired after every movie, so they feel pressure to perform well every time. Programmers, with artificially created demand, feel no pressure to exhibit high performance every time as they can switch jobs before things go bad (their incompetence gets discovered).

 

This fosters more incompetence and stupidity.

more...
No comment yet.
Sign up to comment
About Follow us Resources Terms Mobile Features
Facebook
X
LinkedIn