comment on

Warning: While Perl is mentioned in this post, it's only related to Perl in the most peripheral sense.

Recently, I had my review here at work and I was asked what things about the company that I would do differently. The major issue that I brought up was security -- we don't use taint checking and I was pretty insistent that we are fools for not doing it. The owner's response: "oh, but we use passwords." Our IS director admitted to me frankly that he didn't know what taint checking is. My suggestion, as a result, was once again ignored.

Another suggestion I had was that we put more work in to developing specifications so that I know what I'm supposed to be programming as opposed to developing things piecemeal. The response: "Our clients don't know what they want, so they can't provide us with accurate specifications. This is the Web. Get used to it."

Other things I have noticed:

sub do_stuff {
    ($file, $message) = (@_);
    open FILE, ">>$file";
    print FILE $message;
    close FILE;
    return true;
}
[download]

That's a slightly modified code snippet which reveals several things:

Strict was not used.
Warnings were not used.
File opens are not verified.
When I asked what the heck "return true" was about, it turns out that the coder (who is still with us) is a javascript programmer who did that "out of habit."

To make matters worse, the IS director keeps "rolling his own" modules because he doesn't want to risk using "unstable" CPAN modules. Needless to say, his modules are chock full o' bugs and we're constantly finding new ways to break them.

Which brings me to my point: I'm considering hunting for a job where I can develop my skills in an environment where the programmers know what they are doing. However, after finding this code and seeing some of the "production code" posted here, I am concerned as to whether I am Questing for the Grail. The only consolation that I have is that these are a bunch of really nice people that I enjoy being around.

What has been your experience? I'm specifically wondering about the following:

Do you believe that developing Web sites means you can't have adequate specs?
I believe that you can and that those specs are imperative, but I'm willing to admit that I'm wrong.
Do most Web development companies take security seriously, or is it treated as an afterthought?
Is your company averse to installing CPAN modules, even if they have been reviewed carefully?
Do you have a job for a Portland, OR monk ;)

While I feel that I am a generally solid programmer, I realize that I have a LOT to learn. I feel that I can better do that in a company that takes programming and security seriously, but I am seeing many examples where companies using Perl don't appear to be doing that. Will I be disappointed with most companies? Am I being conceited?

Cheers,
Ovid

Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.

In reply to What quality is your company's code? by Ovid

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.