this post was submitted on 15 Mar 2024
887 points (98.0% liked)
Programmer Humor
19551 readers
609 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Ok, sure. What standards? For fields like Civil Engineering it's pretty easy to come up with reasonable standards. But, if a software engineer is writing a generic key-value store, how do you evaluate whether that item meets the required standards?
There are things that a developer can and should check to make sure his code is secure, but my focus is mainly on the systems and those can definitely be held to standards. Things like checking dependencies for known exploits, enforcing 2FA and TLS on all connections, encrypting data at rest, and testing backups, among a lot of other stuff.
I've worked with hundreds of organizations across many different industries in my career and almost none of them do all or even most of those, even if they need to be compliant for things like HIPAA or SOX. I once worked with an aerospace company whose sysadmin/webmaster/network guy was literally the founder's son, who got the job because he knew how to make a web page.