A standard practice in software companies is to put new hires, often not properly trained, to productive work as soon as possible. This practice is an understandable business requirement, but if not controlled properly it can lead to bug creep or unwanted complexity in the code.
In my experience as a software developer, I can name hundreds of situations where poor code caused days of debugging or corrections.
Here is one, very simple example:
When creating an array of data in Java, one uses a constant for the array dimension. When sorting the array or searching through its contents, one writes a for loop starting at 0 and ending at the constant size of the array.
What will happen when a user requirement demands the extension of the same array? A programmer (usually one that has wronged the project manager) gets assigned to changing all values of the array size in the entire code. This will probably be a couple of days of very tedious work.
If the initial code had used the array's own length (`array.length`) in each for loop instead of the constant size value, the entire change would be only to the constant used to create the array. Suddenly, this becomes a 5-minute job (which you can still charge to the customer as 2 man days).
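The two loop styles side by side, as an added Java example that is not part of the original post. The class name, sizes and values are constructed for illustration; it shows what happens to a forgotten hard-coded bound when the array grows, and when it shrinks.

```java
import java.util.Arrays;

public class LoopBounds {
    // Constructed scenario: the array used to have 5 slots and every loop
    // repeated the literal 5. A new requirement then extended it to 8.
    static final int CAPACITY = 8;     // the one place that was updated
    static final int STALE_BOUND = 5;  // the old size, still buried in a loop

    // Brittle: the bound is a copy of the old size, so slots 5..7 are skipped.
    static int findStale(int[] data, int wanted) {
        for (int i = 0; i < STALE_BOUND; i++) {
            if (data[i] == wanted) return i;
        }
        return -1;
    }

    // Robust: the bound comes from the array itself and follows any resize.
    static int findByLength(int[] data, int wanted) {
        for (int i = 0; i < data.length; i++) {
            if (data[i] == wanted) return i;
        }
        return -1;
    }

    public static void main(String[] args) {
        int[] data = new int[CAPACITY];
        for (int i = 0; i < data.length; i++) data[i] = (i + 1) * 10; // 10..80

        // 70 lives in slot 6: the stale loop silently reports "not found".
        System.out.println("stale bound : " + findStale(data, 70));
        System.out.println("data.length : " + findByLength(data, 70));

        // The opposite change (a smaller array) turns the stale bound into
        // a runtime failure instead of a silent miss.
        int[] smaller = Arrays.copyOf(data, 3);
        try {
            findStale(smaller, 70);
        } catch (ArrayIndexOutOfBoundsException e) {
            System.out.println("shrunk array: " + e.getClass().getSimpleName());
        }
    }
}
```

The silent miss is the more dangerous of the two outcomes, because nothing fails until someone notices that data in the new slots is never sorted or found.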
To sum up, here are the 3 rules for keeping attention to detail and good programming practices in your companies:
- All software companies have a document named 'Development Standard' or 'Development Conventions' or the like. This is the new hires' bible of work, and everyone should check that the new hires know and understand it before putting them to work on a commercial piece of code.
- The Development Standard document should not be written once and forgotten. Mandate a regular standard review and upgrade by your best and most experienced developers, at least once a year.
- For good measure, amend your Development Standard with the latest edition of a good book on your programming language of choice. Things get forgotten, and this will provide fast refresher course material for your developers.
ShortInfosec thanks for her contribution, and hopes that she will continue to contribute to this site.