Bruce Schneier has written an editorial on his blog and for Wired which takes issue with the position put out by a former White House technology adviser that developers should be held personally responsible for security problems in the code they write. Bruce feels that this is not wise at all ... as a developer, I completely disagree.

Bruce's analysis of the market forces involved in ensuring that security improves is dead on, which means that for the proposal of developer liability to work, developers must have a greater stake in the marketability of the code they write. As a consultant I can say I welcome the idea, and so should any full-time corporate developer. Personal liability would guarantee that my rates would rise considerably to cover that risk, and that I would insist that if I am personally liable for code that I produce then I will keep the right to use that code on an ongoing basis. It would shake up programming as we know it, forcing businesses to realize that the developers on a project could not be treated as mere resources but would be far more akin to partners in a project.

Now, it would have some downsides. Programming is already incredibly hard to get started in, especially if you come into the industry from a non-traditional vector (i.e. not from college). Personal liability would make new programmers yet more of a risk and you may very well see some talented young minds who made a mistake go down in flames. It would also force business types to change the entire compensation model for programmers in radical ways.

Is this likely to happen? Of course not! Bruce is absolutely correct about the "right" way for government to address this problem. But as for me and my pocketbook, I wouldn't mind if the government tried something like this proposal.
I will be speaking to the Fort Worth .NET User Group on Tuesday November 8th. They've asked me to speak on Test Driven Development and so it will be an evening on Red-Green-Refactor. I hope to shed some light on Agile methodologies in general as well as talk about tools which make TDD easier, most notably of course NUnit.

If you're in the area, please be sure to check out their website and plan on attending. Admission is free and there are always great prizes to be had and free pizza for all attendees.
I will be putting the blog through a major overhaul in the very near future. It will include:

- Slide decks for several of my presentations
- Project page for a set of CodeSmith templates which use the Enterprise Library 2.0 CTP and Visual C# 2.0 to generate a data layer. This first version will only use the DAAB (Data Access Application Block) but I expect to extend it in the near future to include use of the Logging & Instrumentation Block and the Exception Handling Block at a minimum. I also have some interesting ideas for how to use the Security Application Block down the road.
- Possibly an upgrade to version 1.2 of Community Server; that depends on how their development proceeds.