Secure Coding mailing list archives

Re: Variable comparisons

From: Martin Stricker <shugal () gmx de>
Date: Thu, 04 Dec 2003 02:07:02 +0000

Dave Aronson wrote:


On Tue December 2 2003 15:16, Chris Richards wrote:
 > it is far cheaper to design a problem out of a
 > product than it is to test a problem out of a product.  It seems
 > to me that a large part of the software industry has yet to
 > figure this out; it doesn't seem to get taught to the young
 > people coming out of University,

Unfortunately, this is only well-known THEORY, and rarely PRACTICED.
The big question is why?  My guess is the standard excuse of schedule
pressure, plus a desire to get quickly to what so many consider the
fun part, the coding.  Any others?


Yes: Two minutes before the already published release date (always a
*bad* idea!) you have to include some new feature because your
manager/customer/other moron forces you to. Remember: Nothing does live
longer than an "emergency fix just to get it out". It will never be
replaced by decent code because "it works". Happened often enough in
projects I worked for...

Best regards,
Martin Stricker
-- 
Homepage: http://www.martin-stricker.de/
Linux Migration Project: http://www.linux-migration.org/
Red Hat Linux 9 for low memory: http://www.rule-project.org/
Registered Linux user #210635: http://counter.li.org/

Current thread:

Variable comparisons David A. Wheeler (Dec 03)
- <Possible follow-ups>
- Re: Variable comparisons der Mouse (Dec 03)
- Re: Variable comparisons Dave Aronson (Dec 03)
  - Re: Variable comparisons Martin Stricker (Dec 03)
- Re: Variable comparisons Danny Smith (Dec 03)
  - Re: Variable comparisons Bob Toxen (Dec 03)
  - Re: Variable comparisons Wietse Venema (Dec 05)
    - Re: Variable comparisons Florian Weimer (Dec 06)
- Re: Variable comparisons Peter G. Neumann (Dec 03)
- Re: Variable comparisons Peter G. Neumann (Dec 07)