Comments on: Can good programmers be part of a SDLC? http://www.securitybalance.com/2008/12/can-good-programmers-be-part-of-a-sdlc/ trying to bring balance to the Force Wed, 03 Mar 2010 21:43:10 +0000 http://wordpress.org/?v=abc hourly 1 By: Fernando http://www.securitybalance.com/2008/12/can-good-programmers-be-part-of-a-sdlc/comment-page-1/#comment-160 Fernando Wed, 03 Dec 2008 03:10:38 +0000 http://www.securitybalance.com/?p=304#comment-160 To me, this issue will be addressed when a "good programmer" as described in the article above recognizes that his/her contribution as a professional extends beyond writing good/interesting code. In my opinion, a professional is one who applies his/her skills to the task at hand as part of the broader organizational effort. When the programmer (or the network admin, or the database guy, or anyone else in IT) realizes that the objective is to support the organization - and not show off skills (or skillz) - then we can have better participation in SDLC/Change Management/Quality Control/... Perhaps it's time for instituting errors & omissions liabilities to IT professionals? That can also be a nice wake-up call to produce robust output (code, network, etc...) To me, this issue will be addressed when a “good programmer” as described in the article above recognizes that his/her contribution as a professional extends beyond writing good/interesting code. In my opinion, a professional is one who applies his/her skills to the task at hand as part of the broader organizational effort. When the programmer (or the network admin, or the database guy, or anyone else in IT) realizes that the objective is to support the organization – and not show off skills (or skillz) – then we can have better participation in SDLC/Change Management/Quality Control/…

Perhaps it’s time for instituting errors & omissions liabilities to IT professionals? That can also be a nice wake-up call to produce robust output (code, network, etc…)

]]> By: VP http://www.securitybalance.com/2008/12/can-good-programmers-be-part-of-a-sdlc/comment-page-1/#comment-159 VP Tue, 02 Dec 2008 19:08:35 +0000 http://www.securitybalance.com/?p=304#comment-159 IMO, SDLC and pair programming are good to avoid that the mediocre programmer makes mistakes alone. But when you have a good programmer (good programmers are not that one that can code faster with a good logic and etc. Good programmers must understand and be used with security programming) its really boring, time consuming and expensive, to tutor a beginner (in a pair programming) or to answer a lot of checklists and do meetings with security guys that sometimes dont even have clue over what they are talking about. The real problem is: In big companies is not rare to find real bad, lazy and beginners as "seniors" developers. IMO, SDLC and pair programming are good to avoid that the mediocre programmer makes mistakes alone. But when you have a good programmer (good programmers are not that one that can code faster with a good logic and etc. Good programmers must understand and be used with security programming) its really boring, time consuming and expensive, to tutor a beginner (in a pair programming) or to answer a lot of checklists and do meetings with security guys that sometimes dont even have clue over what they are talking about. The real problem is: In big companies is not rare to find real bad, lazy and beginners as “seniors” developers.

]]>