Bob Beck wrote:
<snip>
>
> The simple fact is most of the MS/PHP/JAVA web development will be
> being done by code monkeys, fresh out of school.. I'm pretty certain
> they will "inbug" the same average number of bugs per line of code
> they write no matter what platform it is. Development is often
> outsourced to an external coding haus, written to a spec, without
> complete info about what the whole final application is going to do.
> Frequently they don't even reuse "mature" code from past releases
> because you don't want to release it to the external people, or you're
> too busy chasing platform-du-jour (Want a great example of this? I'm
> betting Sun One, going from version 5 to version 6 is a good one)

<rant>

This is truer than you know. I've been writing code since 1974, and I
see the same mistakes being made over and over and over and over . . .
again. Just as in wars, it seems that every generation is destined to
make the mistakes that their elders made. There is no industry-wide
repository of "Lessons Learned." Each generation is left to make the
same mistakes over and over.

If one were to do a root-cause analysis, what would one find?
Programming courses teach grammar and syntax. They do not teach "safe
programming." (Except Crispin and Dave, of course . . .) Programming
managers are programmers who grew up and decided they'd had enough of
the 80-hour weeks and wanted to become managers. They don't know/care,
either.

It's only when the "powers that be" decide that it's better business to
deliver bug-free, secure code than shipping mostly-working code out the
door that things will change. Wanna take a bet on how long that'll be?

</rant>

Apologies. Usually this rant appears on firewall wizards or
dshield . . . Just happened to be bugtraq this time

/g

--
George Capehart
PGP KeyID: 0xDD7034EA

"Sometimes you're the windshield, sometimes you're the bug."
    -- Mark Knofler