Stopping Bad Code from Happening to Good People
As any QA tester will tell you, commercial software is riddled with faulty code—which is a real issue when you consider that criminals can use those vulnerabilities to compromise whole systems. Oftentimes, executives at organizations producing the software have no idea about the bugs in their products until it’s too late. It’s up to tech pros to find and seal as many holes as possible.

One core issue is developers’ reliance on prewritten code to build new software. The bulk of modern apps rely on third-party libraries, according to studies. If the code in those libraries is compromised, so are the applications that rely on it.

Some organizations have already moved to fortify the code on which so many developers depend. Take the Core Infrastructure Initiative (CII), which attempts to crowd-source the security and reliability of critical open-source projects. Organized by The Linux Foundation, CII draws support from Amazon Web Services, Bloomberg, Facebook, Google, and other major tech firms; for those interested, it also offers grants for repairing and maintaining specific bits of online infrastructure.

But developers can’t leave the challenge of safe code to a handful of organizations and altruistic tech pros. There’s something to be said for approaching your application-building with a little bit of wariness, and only using code that comes from trusted libraries and sources. It also pays to use only up-to-date components, and to build as much bug hunting as possible into your production schedule (even when rushed).

In addition to using pre-built code, there’s also the matter of writing good code. A new blog posting at TechBeacon breaks down some best practices for solid coding, including the need to establish useful metrics. “Concentrate on metrics that advertise good attention to details, good communication skills, and good attitude, especially if they require great effort to cheat,” the blog advised.

Code reviews and testing are likewise essential; nipping issues in the proverbial bud can usually save programmers a lot of time later. On top of coding prowess, “soft skills” such as communication are useful; unless developers can effectively talk to one another (and employees in other areas of a company), the chances that coding issues will arise may only increase as the project heads toward completion.

It’s difficult to create elegant code on a deadline, but a few best practices—and a little diligence—can go a long way toward avoiding substantial problems.