Stopping Bad Code from Happening to Good People


As any QA tester will tell you, commercial software is riddled with faulty code—which is a real issue, when you consider that criminals can use those vulnerabilities to compromise whole systems. Oftentimes, executives at organizations producing the software have no idea about the bugs in their products until it’s too late. It’s up to tech pros to find and seal as many holes as possible.

One core issue is developers’ reliance on prewritten code to build new software. The bulk of modern apps rely on third-party libraries, according to studies. If the code in those libraries is compromised, so are the applications that rely on it.

Some organizations have already moved to fortify the code on which so many developers depend. Take the Core Infrastructure Initiative (CII), which attempts to crowd-source the security and reliability of critical open-source projects. Organized by The Linux Foundation, CII draws support from Amazon Web Services, Bloomberg, Facebook, Google, and other major tech firms; for those interested, it also offers grants for repairing and maintaining specific bits of online infrastructure.

But developers can’t leave the challenge of safe code to a handful of organizations and altruistic tech pros. There’s something to be said for regarding your application-building with a little bit of leeriness, and only using code that comes from trusted libraries and sources. It also pays to use only up-to-date components, and build as much bug hunting as possible into your production schedule (even when rushed).

In addition to using pre-built code, there’s also the matter of writing good code. A new blog posting at TechBeacon breaks down some best practices for solid coding, including the need to establish useful metrics. “Concentrate on metrics that advertise good attention to details, good communication skills, and good attitude, especially if they require great effort to cheat,” the blog advised. Code reviews and testing are likewise essential; nipping issues in the proverbial bud can usually save programmers a lot of time later.

On top of coding prowess, “soft skills” such as communication are useful; unless developers can effectively talk to one another (and employees in other areas of a company), the chances that coding issues will arise may only increase as the project heads toward completion.

It’s difficult to create elegant code on a deadline, but a few best practices—and a little diligence—can go a long way toward avoiding substantial problems.

One Response to “Stopping Bad Code from Happening to Good People”

  1. john rader

    There are two real obstacles to releasing good code.

    The first is the immediate rewarding of those who take the least time to do the job because it is cheaper. In many cases the quality of the code is not known until months after it has been released, till it hits production, because this is where there are the hardware resources and users to really stress test it.

    The second problem is that management is confused with leadership. Leadership means the ability to determine the direction of a product and it requires knowledge and experience.
    Line level managers, for the most part, neither have the technical ability nor the experience with the code but are expected to take a major part in determining the direction of a project. They are also in effect EMAIL generators; not only are they tasked with status reports, project completion projections, and in many ways are the official connection between their employees and the rest of the company. Most of them fail to understand that for the most part their job is to provide an interface between their employees and the rest of the company, thus they probably have more requests than they give. Unfortunately lots of companies tend to recruit their managers from outside the company, meaning these poor people come in without the knowledge of the code and what it is supposed to accomplish nor the knowledge of how the company works internally. You can always tell when the ship is beginning to sink when there are more managers being hired than the people who report to them.