Kornfeld Eliyahu Peter wrote: (safe code should not be a function of language)
While true to a point, safe code is darn near impossible in C, C++, and any other language that uses null-terminated strings and uncounted buffers. Microsoft's own reporting shows that about 70% of their security vulnerabilities are the result of mishandling memory, including buffers (string or otherwise) and free after deallocation errors. Digital Equipment Corporation showed us how to write safe code back in the 70s with their VMS system. All buffers were OS-level descriptor managed and all parameters to system calls were validated, throwing an exception if the parameters weren't valid. K&R, while successful at creating an OS (Unix), should be demonized for doing so using what was known at the time to be unsafe computing methodologies.
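An added illustration of the counted, descriptor-managed buffers described in the post above (not code from the thread, and not the VMS descriptor layout; `buf_desc`, `buf_copy`, `buf_append` and the error codes are hypothetical names). Every call validates its descriptors and refuses a copy that an uncounted `strcpy()` would carry past the end of the destination:

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical descriptor: capacity and length travel with the pointer. */
typedef struct {
    char  *ptr;   /* start of storage */
    size_t cap;   /* bytes of storage available */
    size_t len;   /* bytes currently in use, always <= cap */
} buf_desc;

enum { BUF_OK = 0, BUF_EINVAL = -1, BUF_ETOOBIG = -2 };

/* Validate a descriptor the way a checked call boundary would. */
static int buf_valid(const buf_desc *d)
{
    return d != NULL && d->ptr != NULL && d->len <= d->cap;
}

/* Copy src into dst, rejecting the request instead of overrunning. */
int buf_copy(buf_desc *dst, const buf_desc *src)
{
    if (!buf_valid(dst) || !buf_valid(src))
        return BUF_EINVAL;
    if (src->len > dst->cap)
        return BUF_ETOOBIG;      /* strcpy() would write past dst here */
    memmove(dst->ptr, src->ptr, src->len);
    dst->len = src->len;
    return BUF_OK;
}

/* Append; the subtraction cannot wrap because len <= cap was checked. */
int buf_append(buf_desc *dst, const buf_desc *src)
{
    if (!buf_valid(dst) || !buf_valid(src))
        return BUF_EINVAL;
    if (src->len > dst->cap - dst->len)
        return BUF_ETOOBIG;
    memmove(dst->ptr + dst->len, src->ptr, src->len);
    dst->len += src->len;
    return BUF_OK;
}
/* Constructed input: 11 bytes offered to an 8-byte destination. */
int demo_oversized_copy(void)
{
    char small[8], big[12] = "AAAAAAAAAAA";
    buf_desc dst = { small, sizeof small, 0 };
    buf_desc src = { big, sizeof big, 11 };
    return buf_copy(&dst, &src);
}
```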
|
obermd wrote: about 70% of their security vulnerabilities
Perhaps.
Still leaves the other 30%. Plus all of the other bugs as well. And refactoring code is in fact likely to lead to those. Not to mention of course that if that small subset of code has security vulnerabilities then shouldn't it just be fixed?
|
Kornfeld Eliyahu Peter wrote: (safe code should not be a function of language)
100%. Crazy thing is, we all know how to check for bounds, etc. in code. It's not magic. Just programmers get lazy and/or the business expects everything done in a day. No different than unit testing... most devs still don't do it or if they do it then it's not done well.
Jeremy Falcon
|
Jeremy Falcon wrote: most devs still don't do it or if they do it then it's not done well.
Because they get rewarded for other things. Like closing tickets. Or lines written. Or just showing up every day.
If bugs were tracked to the programmer and it impacted them financially then they would pay more attention.
|
Boss: Hey is that feature you've been working on for the last 3 months ready to release?
Me: Not if I get fined for bugs.
Boss: How long?
Me: About 3 more months of testing.
Boss: (~ear piercing scream of anguish~) OK. No fines. Release it.
You're right. I'm rewarded for other behavior.
|
jschell wrote: If bugs were tracked to the programmer and it impacted them financially then they would pay more attention.
It already kinda does. Most companies add the code quality (how bug free your code is) to a developer's KRA and if it is not met, it impacts your financial growth in the org. However, it may still be not enough maybe because when it is met, it doesn't really help you grow faster. In that case the bell curve comes to the rescue of the management.
If code quality had a more consistent positive impact in the industry I think devs would certainly pay more attention.
|
GKP1992 wrote: Most companies add
Most?
Certainly none that I have worked at. No one even mentioned it at any of those companies. In comparison many companies ask about things like unit testing and many explicitly make it a feature when posting jobs.
No one has ever mentioned it in an interview.
|
I would suggest they oil the machine up and fix the existing problems instead of having us field test yet another VISTA.
Give me coffee to change the things I can and wine for those I can not!
PartsBin an Electronics Part Organizer - An updated version available! JaxCoder.com
Latest Article: Simon Says, A Child's Game
|
Wordle 682 3/6
⬛⬛⬛⬛⬛
🟩⬛⬛🟨⬛
🟩🟩🟩🟩🟩
|
Wordle 682 5/6
🟩🟨⬛⬛⬛
🟩⬛⬛⬛🟨
🟩🟩⬛🟨🟩
🟩🟩🟩⬛🟩
🟩🟩🟩🟩🟩
|
Wordle 682 6/6
⬜⬜⬜⬜🟨
⬜⬜⬜🟨⬜
⬜🟨🟨⬜⬜
⬜🟩⬜🟨⬜
🟨🟩⬜🟩🟩
🟩🟩🟩🟩🟩
Doesn't look like a common word.
|
Wordle 682 4/6
⬜🟨⬜⬜⬜
⬜⬜⬜⬜⬜
⬜🟩🟩🟩🟩
🟩🟩🟩🟩🟩
Not looking good after 2, but my 3rd regular starter proved a real gem!
Software rusts. Simon Stephenson, ca 1994. So does this signature. me, 2012
|
Wordle 682 5/6
⬜🟩⬜⬜⬜
⬜🟩⬜⬜⬜
⬜🟩⬜⬜⬜
🟨🟩🟨⬜🟩
🟩🟩🟩🟩🟩
|
Wordle 682 4/6*
⬜⬜⬜🟨⬜
🟩⬜⬜⬜🟩
🟩⬜🟨⬜🟩
🟩🟩🟩🟩🟩
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
⬜⬜⬜⬜⬜
⬜⬜⬜🟨🟨
🟩⬜🟨⬜🟩
🟩🟩🟩🟩🟩
In a closed society where everybody's guilty, the only crime is getting caught. In a world of thieves, the only final sin is stupidity. - Hunter S Thompson - RIP
|
Wordle 682 4/6*
🟨⬜⬜🟨⬜
🟩🟨⬜⬜🟩
🟩🟩🟩⬜🟩
🟩🟩🟩🟩🟩
Happiness will never come to those who fail to appreciate what they already have. -Anon
|
Wordle 682 4/6
⬜🟩⬜⬜🟨
⬜🟩🟨⬜🟩
🟩🟩🟩⬜🟩
🟩🟩🟩🟩🟩
|
Wordle 682 5/6
⬛⬛⬛⬛⬛
⬛🟨🟨🟨⬛
⬛🟩🟩⬛🟩
⬛🟩🟩🟩🟩
🟩🟩🟩🟩🟩
Get me coffee and no one gets hurt!
|
Wordle 682 6/6
⬜⬜⬜⬜⬜
⬜⬜⬜🟨⬜
⬜🟩⬜⬜🟩
⬜🟩⬜⬜🟩
🟩🟩🟩⬜🟩
🟩🟩🟩🟩🟩
hard one
"A little time, a little trouble, your better day"
Badfinger
|
Sorry I'm late with this (not the clue!)
This person sounds like a sweet fruit you find in the desert (9)
Edited: to make the clue better (hopefully!)
Happiness will never come to those who fail to appreciate what they already have. -Anon
|
PERSIMMON?
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
Nope
Happiness will never come to those who fail to appreciate what they already have. -Anon
|
Abandoned?
In a closed society where everybody's guilty, the only crime is getting caught. In a world of thieves, the only final sin is stupidity. - Hunter S Thompson - RIP
|
Nope. Your reasoning?
Happiness will never come to those who fail to appreciate what they already have. -Anon
|
Purely a synonym for desert is abandon
In a closed society where everybody's guilty, the only crime is getting caught. In a world of thieves, the only final sin is stupidity. - Hunter S Thompson - RIP