hcs_$reboot (1536101) writes:
That's not the same web devs making those same mistakes. Developers with some experience do not write code that fails against easy SQL injection. But companies prefer to hire younger inexperienced devs for the reasons that have been discussed here on /. many times.
gweihir (88907) writes:
Does not match my experience. Some (few, say 10%) of these people do indeed acquire insight and experience with more time in the field, but most do not seem to. They make the same basic mistakes and have the same defective and incomplete understanding of how things work, 5 years in, 10 years in, and then they move to another field because they have become unemployable in their "specialty".
war4peace (1628283) writes:
Well yeah, because most are web developers; very few are web developers AND security experts at the same time, and they are usually way more expensive.
Code written by web developers must go through a security audit and insecure parts need to be rewritten to close the security holes.
eneville (745111) writes:
> Code written by web developers must go through a security audit and insecure parts need to be rewritten to close the security holes.
I think *all* code should go through at least peer review by a senior team member. It is the flamboyant prima donna who thinks they are above the rest of the team who makes the biggest blunders.
gweihir (88907) writes:
Well, yes. But what if you do not have a senior member who can do it, because the only senior team member is already the only one who can do the more complicated things? That seems to be the standard set-up these days.
tepples (727027) writes:
> I think *all* code should go through at least peer review by a senior team member.
If there are more than one programmer at a company, yes. But when (say) a small toy retailer in the Midwest has the budget to hire only one programmer to build its order fulfillment back end, who would review his code? Fortunately, this company's programmer at least takes care to escape HTML, parameterize or whitelist anything going into an SQL query, and require all POSTs to include the session's CSRF token.
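As an added illustration of the three controls the comment above lists (escaping HTML, parameterizing or allow-listing anything that goes into an SQL query, and requiring the session's CSRF token on every POST), the following Python is example code written for this page, not code from any commenter or from the retailer described. The sqlite3 schema and rows, and the hypothetical handle_post() with its session and form dicts, are constructed assumptions. It shows the concatenated query beside its parameterized form, an allow-list for a column name that cannot be bound as a parameter, output escaping, and a constant-time CSRF token check.

```python
import hmac
import html
import secrets
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the order back end (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, item TEXT)"
    )
    conn.executemany(
        "INSERT INTO orders (customer, item) VALUES (?, ?)",
        [
            ("alice", "robot kit"),
            ("bob", "<script>alert(1)</script>"),  # stored markup, to show escaping
            ("carol", "puzzle"),
        ],
    )
    conn.commit()
    return conn


def orders_for_customer_vulnerable(conn, customer):
    """The mistake: input is concatenated into the SQL text, so it becomes syntax."""
    sql = "SELECT item FROM orders WHERE customer = '" + customer + "'"
    return [row[0] for row in conn.execute(sql)]


def orders_for_customer(conn, customer):
    """Parameterized: the value travels separately from the statement text,
    so quotes or OR-clauses inside `customer` are compared, never executed."""
    rows = conn.execute("SELECT item FROM orders WHERE customer = ?", (customer,))
    return [row[0] for row in rows]


# Identifiers (column names) cannot be bound as parameters, so a whitelist
# of known-good names is the correct control for a user-chosen sort column.
ALLOWED_SORT_COLUMNS = {"id", "customer", "item"}


def orders_sorted(conn, sort_by):
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unknown sort column")
    return [row[0] for row in conn.execute(f"SELECT item FROM orders ORDER BY {sort_by}")]


def render_item(item):
    """Escape on output, so a stored value is shown as text, not parsed as markup."""
    return "<li>" + html.escape(item, quote=True) + "</li>"


def new_csrf_token():
    """Per-session token; unguessable, stored server-side in the session."""
    return secrets.token_urlsafe(32)


def csrf_ok(session_token, submitted_token):
    """Reject a missing token outright, otherwise compare in constant time."""
    if not session_token or not submitted_token:
        return False
    return hmac.compare_digest(session_token.encode(), submitted_token.encode())


def handle_post(session, form):
    """Hypothetical POST handler: 403 unless the form carries the session's token."""
    if not csrf_ok(session.get("csrf_token"), form.get("csrf_token")):
        return 403
    return 200


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable:", orders_for_customer_vulnerable(db, payload))  # every row leaks
    print("parameterized:", orders_for_customer(db, payload))  # nothing matches
    print(render_item(orders_for_customer(db, "bob")[0]))
    tok = new_csrf_token()
    print(handle_post({"csrf_token": tok}, {"csrf_token": tok}), handle_post({"csrf_token": tok}, {}))
```

The injection payload returns every order from the concatenated query and nothing from the parameterized one, because `' OR '1'='1` is then just a customer name that matches no row. The allow-list exists because a bound parameter cannot stand in for a column name; anything not in the set is rejected rather than sanitized.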
ichimunki (194887) writes:
As a flamboyant prima donna I take offense to this. I've worked with plenty of "senior" developers who couldn't code a light switch correctly, let alone make useful comments on my work.
All code should go through an automated scanner, though. On both the source side and the web client side.
Then, once it doesn't have any obvious flaws, it goes to QA, which-- unlike development-- should be staffed with hardcore types with lots of experience and no fear of pissing off developers, PMs, or management. I've se
gweihir (88907) writes:
Tell me about it. I am a security expert and sometimes do coding for customers. For one large customer, I cost about 2.5 times as much per hour as their regular coders. On the other hand, I think that their regular coders are directly more expensive, and the time they need to do things (that then suck afterwards) is really impressive. I have seen quotes like $500k just for changing the path in a web application and placing a proxy in front of it. Incredible.
account_deleted (4530225) writes:
Comment removed based on user account deletion
war4peace (1628283) writes:
Well, at least they all _pretend_ they value security :)
Slashdot
Copyright © 2026 Slashdot Media. All Rights Reserved.