Greetings and Happy New Year. It’s early in the month and we’ve already had our first reported IoT Hall-of-Shame entry, as you know if you follow that page or my twitter @codecurmudgeon. For those who live inside Facebook I’ve decided to make your life easier by adding a Facebook page for the Internet-of-Things IoT Hall-of-Shame as well. That way you can just follow it and it will show up in your Facebook feed.
“Things” are being hacked at a furious pace – some even call it the “Internet of Evil Things”. It’s amazing how often I find out about a new hack every single day. Is your TV going to spy on you? Is it easy to hack your phone? Is the stoplight on your corner vulnerable? Keep up to date on what’s happening.
Go check it out, like the page, follow it for the latest IoT Hall-of-Shame updates, and tell your friends. And when you hear about any IoT devices getting hacked please let me know!
I was honored this week to have the opportunity to present a keynote session at EuroSPI 2016. The title of my presentation was “Software Safety and Security Through Standards” and I discussed one of my favorite soapboxes. That is the idea that software development is often less disciplined than it should be, but it doesn’t have to be. We can and should develop software as an engineering discipline.
One of the key ways to start down this path is to implement coding standards properly. Too many are trying to use coding standards late in the process as a way to find bugs, rather than a way to flag improper methods of coding early on. While the former is cool, the latter is far more valuable.
The adage that “you can’t test quality in a product” is well known, but for some reason in software we think that you can indeed test quality into an application. The same goes for application security, perhaps even doubly so.
In order to break out of the current cycle of code, deploy, fix, redeploy we have to start doing things differently. We have to build a more mature software development process and static code analysis is the way to build upon the body of knowledge and best practices available.
Slides are below. Let me know if you have comments, questions, suggestions. And thanks to everyone at EuroSPI and ASQ for putting on a great conference and allowing me to participate. These are great organizations to get involved with if you’re serious about software quality. I encourage you to check them out.
I’m trying to get a better feel for the Android development community from a testing perspective? If you’re creating Android apps or plan to in the near future, please fill out the survey and let me know more about what you’re doing.
If you have other areas or specific tools you’re interested in, let me know in the comments below.