Secure Coding mailing list archives
Genotypes and Phenotypes (Gunnar Peterson)
From: secureCoding2dave at davearonson.com (SC-L Reader Dave Aronson)
Date: Wed, 14 Oct 2009 07:36:52 -0400
Andreas Saurwein Franci Gonçalves <saurwein at gmail.com> wrote (rearranged into correct order):

2009/10/13 Bobby Miller <b.g.miller at gmail.com>
The obvious difference is "parts". In manufacturing, things are assembled from well-known, well-specified, tested parts. Hmmm....

That's the idea of libraries. Well known, well specified, well tested parts. Well, whatever.

Ideally, yes. However, programmers love to reinvent the wheel. It's MUCH easier, both to do and to get away with, in software than in hardware... and often necessary.

Need a bolt of at least a given length and strength, less than a given diameter? There are standard thread sizes, and people make bolts of most common threadings and lengths, for purchase at reasonable prices, at places easily found, and you can be fairly certain that any given one of them will do the job quite well.

Need a function for your program? If it's as common as a bolt, it's probably already built into the very language. If it's nearly as common, maybe there's a fairly standard library for it... and if you're very lucky, it's not too buggy or brittle. Otherwise, it's probably going to be much cheaper (which is all your management probably cares about) to just code the damn thing yourself, than to research who makes such a thing, which ones there are, who says which one is how reliable, which ones have licensing terms your company finds palatable, and justifying your choice to management. Lord help you if it requires money, because then you have to justify it to a higher degree, get the beancounters involved, budgetary authority from possibly multiple layers of manglement, and spend the rest of your days filling out purchase orders.

If you do wind up coding it yourself, is the company then going to make that piece of functionality available to the world separately, whether for profit or open source? N times out of N+1, for very large values of N, no way! Will they at least make it available *internally*, so that *they* don't have to reinvent the wheel *next* time? Again, N times out of N+1, for almost as large values of N, no.

-Dave

--
Dave Aronson, software engineer or trainer for hire. Looking for job (or contract) in Washington DC area. See http://davearonson.com/ for resume & other info.