[Chugalug] OT bugs and code quality

AverageSecurityGuy stephen at averagesecurityguy.info
Fri Mar 14 13:55:51 UTC 2014


> if you've got an MVC system that is "7 layers deep" in abstraction and a framework that only the writer of the framework understands, then you get what you deserve for letting it get that complex


I didn’t mean a framework like Drupal, Django, or Rails. I meant a simple library that does all the input validation/sanitization and parameterized SQL queries.

> I consider myself quite fortunate to be on a small team (3 programmers and a QA person) who have all been with the company for at least 6 years and we know the system and how it works, and despite getting paid peanuts and no bonuses, we still care about our work, and I really think that keeps a lot of our bugs down

This is by far the best way to keep bugs out of your system.

> plus we're all good lookin,  that helps.

Correlation != Causation. :)

--
Stephen Haywood
Owner, ASG Consulting
CISSP, OSCP
423.305.3700
asgconsulting.co
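As an added illustration of the kind of "simple library" Stephen describes above (example code written for this page, not code from the thread, from ASG Consulting, or from any project named here): one place that does the input validation and the parameterized query, beside the string-built query it exists to replace. The table schema, the username whitelist and the two sample rows are constructed assumptions for the example; it uses Python's built-in sqlite3 so it runs offline.

```python
"""Added example, not code from the Chugalug thread: a thin data-access
helper with input validation and parameterized SQL in one place, next to
the string-concatenated query it replaces. Uses an in-memory SQLite table
with constructed sample rows so it runs offline."""
import re
import sqlite3

# Whitelist for a username field (an assumption for this example).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")


def validate_username(name):
    """Reject anything outside the whitelist before it reaches a query."""
    if not isinstance(name, str) or not USERNAME_RE.match(name):
        raise ValueError("invalid username: %r" % (name,))
    return name


def open_db():
    """Constructed sample data: two users in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    conn.commit()
    return conn


def find_user_unsafe(conn, name):
    """The pattern the helper exists to eliminate: SQL built from strings."""
    sql = "SELECT username, email FROM users WHERE username = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_param(conn, name):
    """Parameterized query only: the driver keeps the data out of the SQL text."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (name,)).fetchall()


def find_user(conn, name):
    """The library entry point every caller uses: validate, then parameterize."""
    return find_user_param(conn, validate_username(name))


def demo():
    """Run the same injection payload through each path and report what happened."""
    conn = open_db()
    payload = "x' OR '1'='1"
    unsafe_rows = find_user_unsafe(conn, payload)   # WHERE clause is always true
    param_rows = find_user_param(conn, payload)     # literally no user by that name
    try:
        find_user(conn, payload)
        rejected = False
    except ValueError:
        rejected = True                             # never reaches the database
    return {
        "unsafe_rows": len(unsafe_rows),
        "param_rows": len(param_rows),
        "rejected_by_validator": rejected,
        "legit_lookup": find_user(conn, "alice"),
    }


if __name__ == "__main__":
    print(demo())
```

The point of keeping both checks in the helper is that parameterization alone already defeats the injection (the payload simply matches no row), while the validator rejects malformed input before any query runs and gives the rest of the code base one function to call instead of a query to write.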



On Mar 14, 2014, at 9:43 AM, Ed King <chevyiinova at bellsouth.net> wrote:

> I've seen software written by fortune500 refugees that is just as buggy/unmaintainable as any other stuff I've ever seen, despite all the fancy tools used and money spent
> 
> bugs are gonna happen, best thing you can do is to keep the complexity down, and hire/keep people who care who can fix the bugs quickly and learn from the mistake
> 
> 
> 
> From: Christopher Rimondi <chris.rimondi at gmail.com>
> To: CHUGALUG <chugalug at chugalug.org> 
> Sent: Friday, March 14, 2014 9:17 AM
> Subject: [Chugalug] OT bugs and code quality
> 
> For those of you who are on/lead teams of developers or engineers, what do you do to keep everyone focused on reducing bugs and thinking through the impact of changes? I get there is a lot that can be done with unit and integration testing and formal QA. However, what I am asking centers more on keeping quality front and center in the team's mindset.
> 
> There is probably no easy answer to this but, how do you separate bugs that are caused from "moving fast/meeting deadlines" versus we probably should have caught this one?
> 
> -- 
> Chris Rimondi | http://twitter.com/crimondi | securitygrit.com
> 
> 
