TKTK

 
 
By Peter Coffee  |  Posted 2005-05-16 Email Print this article Print
 
 
 
 
 
 
 


Higher-level application modules tend to incorporate higher-level assumptions about the kind of input theyll receive. Developers who dont challenge their own assumptions—writing necessary validation routines and bounding their code with robust exception handling—are begging to be next on the list of "Can you believe that someone still got hit by this?"

Network-facing applications invite developers to rely on additional abstractions—a trend thats accelerating with the emergence of frameworks such as Microsofts "Indigo" that offer developers access to immense capability with minimal writing of code.

Its therefore essential for developers to understand at least the rudiments of both hardware and software infrastructure, warned Andrew Plato, a consultant at Anitian Corp., in Beaverton, Ore. Unfortunately, Plato said, that is not always the case. "I find that development teams have virtually no comprehension of network or infrastructure security," he said. "Ive had developers ask me, Whats an IP address? Whats a DNS server? Youd think theyd know that or want to know that, but they say, I write software."

eWEEK Labs concurs with Platos warning: To write a network-facing application while relying entirely on platform abstraction is like driving down a paved highway and looking only at lane markers, oblivious to even the possibility of potholes.

One piece of network cable is assumed to be substitutable for any other that meets the same specifications, but enterprise application code is a product of personal creation that reflects personal training, attitude and culture.

The culture of programming continues to evolve. Computer science educators have described to eWEEK Labs the changing approach to the application development task that theyve seen in successive generations of students: First-generation developers got their initial exposure to computers in the context of learning to program, while current students are at least as likely to come from a background of playing computer games.

The result that those professors see, understandably, is a growing inclination for game-imprinted students to declare success and move on as soon as a piece of code does what its supposed to do. Thats a far cry from considering the things that code might be made to do, let alone crafting it to do nothing that is not actually desired.

Development managers may thus benefit, ironically, from the strictures of legislative and regulatory mandates such as the Sarbanes-Oxley Act, with associated demands for precise characterization of IT system function and control.

Telling a developer who wrote a piece of code that another developer must deploy it might once have been taken as an insult or at least an unnecessary nuisance, but under SarbOx, it merely becomes the way that things have to be done. IT governance aids such as Mercury Interactive Corp.s IT Governance Center may therefore belong on a development managers next tools budget .

Development teams familiar with the disciplines of projects undertaken for the U.S. Department of Defense have a head start on producing highly structured documentation of application and component interactions. Tools such as Telelogic ABs Tau are well-established in such environments and may find growing interest in mainstream enterprise development organizations as well.

Development managers must be prepared, however, to make the case for investments in security and IT governance training and tools for their teams. Myths abound, said Anitians Plato, that only certain organizations need to worry about attacks. "Most hackers do not care about your systems," he said. "The fact that you process or store boring or low-priority information does not make you more secure."

The kind of security that can be added to the outer shell of enterprise IT is, for the most part, in place. It now falls to developers to understand their role and to development managers to provide needed tools to satisfy intensifying demands for the kind of security that has to be embedded in applications.

Technology Editor Peter Coffee can be reached at peter_coffee@ziffdavis.com.

Check out eWEEK.coms for the latest news, reviews and analysis in programming environments and developer tools.


 
 
 
 
Peter Coffee is Director of Platform Research at salesforce.com, where he serves as a liaison with the developer community to define the opportunity and clarify developersÔÇÖ technical requirements on the companyÔÇÖs evolving Apex Platform. Peter previously spent 18 years with eWEEK (formerly PC Week), the national news magazine of enterprise technology practice, where he reviewed software development tools and methods and wrote regular columns on emerging technologies and professional community issues.Before he began writing full-time in 1989, Peter spent eleven years in technical and management positions at Exxon and The Aerospace Corporation, including management of the latter companyÔÇÖs first desktop computing planning team and applied research in applications of artificial intelligence techniques. He holds an engineering degree from MIT and an MBA from Pepperdine University, he has held teaching appointments in computer science, business analytics and information systems management at Pepperdine, UCLA, and Chapman College.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel