This week from the news of the surprising – a unique survey by Computer Weekly shows that IT professionals, including software developers and managers, have a strong tendency toward risk taking. Is this survey telling us that as a group we are not prudent, wary, or systematic? Is our natural tendency to build software without worrying about the quality of the product, the possible security vulnerabilities, and the inherent risk in the products we ship?
“Impulsive” and “optimistic” don’t sound like the folks I work with. So, what explains the results of the survey? I believe it might be attributed to the lack of access to the right processes, technologies, and tools that would help mitigate that risk.
Developers and managers adopt technologies and tools that improve efficiency, are automated, and simple to use – from basic things such as choosing a code editor, to more advanced concepts of adopting development methodologies such as Agile.
So if you provide a tool, a process, or a solution that helps mitigate risk and is efficient, automated, and simple to use, it will be adopted in a heartbeat. Take compilers for example. When writing new code, think about how long you spend carefully reading the newly entered code looking for syntax errors before you let the compiler tell you. For most developers, it is usually very little. The idea is to let the compiler tell you about syntax errors while you focus on how best the code can achieve the functionality it is written for.
But do we have something automated and simple for mitigating risk? The answer might be in giving the development team access to a good-quality code testing solution. It helps with efficiency when the analysis results are valid, point to the high-impact coding defects, and are actionable. And it is certainly automated and simple to use when integrated into the build or used as a gate before moving the software to the next step in the QA process.
So if given a choice between being cautious and a risk taker, I pick risk averse when I know the software I am creating runs on medical devices, airplane control engines, and computer networking devices with people’s personal data.