Are you rugged?
As a developer, I’ve heard a number of adjectives applied to those who practice my craft.
“Rugged” isn’t one I expect to hear very often.
Granted, there are a few who alternate their brief stints of coding with explorations of the far-flung hinterland, but even these never quite seem to fill the “rugged” ideal.
Today, I and many of my fellow developers can finally declare ourselves to be “rugged” under the new “Rugged Software Manifesto”.
I’m not sure how attractive that adjective will be to the target audience of developers, but I can do nothing but applaud the goals of the project.
Plain and simple, the project aims to turn “feature-eager” developers into writers of robust and secure code.
That just can’t be a bad thing.
I’m always whining about developers who have been taught how to add features to their program, and who get heaped with praise for doing so, when the end result is that the program has piles of unexpected features added in, by virtue of the developer’s not wanting to ensure that the software can’t be exploited.
The Rugged Software Manifesto seems to be about reminding developers that they have a duty to declare that a feature isn’t finished until it not only does what it is expected to do by its designer, but also does not do what it is not expected to do.
The Manifesto emphasises that the attackers may be cleverer and more persistent than the developer – no surprise, because a developer has to be “finished” with his software at some point, but the attacker never has to be finished attacking it, until everyone has stopped using it.
I’m not sure that I agree with comments in news interviews that the Rugged Software Manifesto will naturally butt heads with the Agile Manifesto – the really good Agile adherents recognise that security is a feature that needs to be developed like any other before shipping a final product, and ideally needs to be developed at each sprint, for each feature.
Only those people who are desperate to cling to the latest fad are Agile to the point of being Fragile. And since Rugged may now be the latest fad, the Rugged Software folks will only be too pleased to welcome those bandwagon-riders on board. Maybe they’ll learn a thing or two about writing secure code.
That Manifesto in Full
For those of you that don’t click through to the links, here’s the full text of the Rugged Software Manifesto. Hand on heart, straight face on front of head, repeat after me: