Developers enhance security by

By eweek  |  Posted 2005-09-26 Print this article Print

eliminating native code"> What impact will shipping Visual Studio 2005 a little later have on "Orcas"? [Orcas is the code name for the next version of Visual Studio after Whidbey.]

Somasegar: Our business is like we talked about; there are a few key pillars that we want to get done in Orcas in terms of focus. But like Paul said about the SQL team, we ... sort of [are focusing on] trying to get Whidbey done and get this great product out to customers.

What new features in Whidbey will help developers write more secure code?

Somasegar: There are a couple things. As part of the team, Visual Studio Team System, a lot of the tools that we use internally—in Windows, in SQL Server, in Visual Studio, in Office—use what I call static code analysis tools. I dont know whether you might have heard the name like Prefix, Prefast; all those tools we are packaging up, and we are making it available to our ISVs.

Flessner: These are all the tools weve used for years. Theyre hugely beneficial, and getting rid of all this native code is superimportant for buffer overflows and stuff like that. And in managed code theres a whole bunch of best practices that we build in that are just hugely important. We run stuff on the code all the time.

What impact have CTPs, or Community Technology Previews, had? You say they definitely help advance the quality, but do they also add extra time into the development process?

Flessner: The CTP sort of divides the stabilization period of the beta and allows you to amortize it over the development cycle. We have this complex branching system that all big products have, where people check in to their private branches, and then they stabilize, and then when the branches stabilize you roll it into main, and then thats your build that you release. And we do that. Weve just gotten into a rhythm where every month, month and a half, we pull these things up, we do a couple of weeks of stabilization and pop it out, and then we take off.

Somasegar: In some sense, we can argue that we are slowing down development because we are making sure that the quality of what we build stays at a fairly high level as we go along, as opposed to not knowing the state and then spending a bunch of time trying to get to a known state. So from that perspective I think the CTPs really, really help us get the right level of engineering discipline and focus into the product team.

Why did the products fall victim to so much slippage and delay in delivery?

Somasegar: First of all, we sometimes tend to underestimate the cost of integration. I think we are seeing a little bit of that. And we have two big products [for which] weve decided to have certain levels of integration between the two technologies and products.

The second thing is [that] we want to get to a certain level of quality, and if it isnt there—if its going to take me two weeks extra to get there—Im happily going to hold the product and make sure that we do the right thing.

Will database administrators feel threatened by the fact that C# and Visual Basic .Net code will be running on their servers?

Flessner: We have heard some of that. Its sort of waning a bit now, but early on it was, "Oh my God, youre taking these crazy VB guys, and youre going to let them run this code. Whats sacred? Nothing is left."

I think people who are T-SQL experts, over time, will become experts in other things and theyll appreciate the level of innovation. But, honestly ... weve put good exception handling into T-SQL. Weve made them comfortable as well.

Ozzie takes on bigger role at Microsoft. Click here to read more. Why are you launching BizTalk Server 2006 with Whidbey and Yukon? Whats the relationship there?

Somasegar: Its all about data. SQL [Server] stores the data, aggregates the data, analyzes the data, reports the data. Visual Studio can be used to build applications that take advantage of that data, that leverage the built-in reporting infrastructure and so forth. BizTalk uses SQL Server as the underlying message store. As more and more customers use the three products together to build applications, integrate systems and analyze business results, it makes sense to launch them together and highlight the benefits of using these products together to meet the needs of business.

BizTalk Server is based on Visual Studio .Net and gives developers the ability to integrate heterogeneous applications and orchestrate Web services in a familiar, easy-to-use interface. The Nov. 7 event and ensuing activities give us the unique opportunity to reach a wide audience keenly interested in understanding the value of using BizTalk Server, SQL [Server] and Visual Studio together.

At launch, we will offer a beta version of BizTalk Server, which will include support for the RTM [release to manufacturing] versions of SQL [Server] and Visual Studio. We are launching BizTalk Server with SQL [Server] and Visual Studio to ensure that we are as considerate as possible with the resources of our customers and partners.

Check out eWEEK.coms for the latest news, reviews and analysis in programming environments and developer tools.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel