Mailing-List: contact <[EMAIL PROTECTED]> ; run by MajorDomo
List-Id: Secure Coding Mailing List <sc-l.securecoding.org>
List-Post: <mailto:sc-l@securecoding.org>
List-Subscribe: <http://www.securecoding.org/list/>
List-Unsubscribe: <http://www.securecoding.org/list/>
List-Help: <http://www.securecoding.org/list/charter.php>
List-Archive: <http://lists.virus.org>

Dave Paris <[EMAIL PROTECTED]> wrote:

 > The builder and the programmer are synonymous.
 > The builder is neither the architect, nor the engineer for the
 > structure.  If the architect and engineer included "security" for the
 > structure and the builder failed to build to specification, then the
 > builder is at fault.
 > The programmer is neither the application architect nor the system
 > engineer.

This is often not true, even on some things that stretch a single
programmer's productivity to the limits (which makes it even worse).

Programmers work within the specs they are given.  That can (NOT SHOULD!)
be anything from "use this language on this platform to implement this
algorithm in this style", to "we need something that will help us
accomplish this goal".  The latter cries out for a requirements analyst
to delve into it MUCH further, before an architect, let alone a
programmer, is allowed anywhere NEAR it!  However, sometimes that's all
you get, from a customer who is then NOT reasonably easily available to
refine his needs any further, relayed via a manager who is clueless
enough not to realize that refinement is needed, to a programmer who is
afraid to say so lest he get sacked for insubordination, and will also
have to architect it.

If this has not happened at your company, you work for a company with far
more clue about software development than, I would guess, easily 90% of
the companies that do it.

