As software developers, we are doing a terrible job of protecting the data we collect from our users because software security is hopelessly broken. This is a huge topic so I’ll restrict my comments to coding, encryption/hashing, web server configurations, regulation, and what we can do about the security of the software we create and maintain.
Tag: Security
I recently got into a discussion in the comments section of someone else’s blog where I argued that many software developers are overly confident in their abilities. I further argued that this overconfidence leads to the kind of behavior that would be considered professional malpractice if a lawyer, doctor, or professional engineer did something similar in their respective field.
A fellow software developer expressed an opposing view. He made the following points:
- only a small percentage of software can cause as much damage as medical or legal malpractice and that software is highly regulated
- if we stop people from pursuing their interests it will stifle innovation, which he was very much against
I hear variations on this view quite often and I think it is worth exploring.
My team uses a code review checklist to prevent stupid mistakes from causing us problems and wasting time. In this post, I want to share the reasons we decided to implement a code review checklist, what’s on our checklist, how we created, use, and improve our checklist, and how it’s improved our effectiveness.