Kannanb Writes
Why Reuse a Square Wheel? On Using Unaudited Code From the Net
"Why re-invent the wheel? We do not write our own code!!" The young software engineer was beaming. "We just search the net for code and use the code in our software. We may need a slight customization." "Do you understand the code you use?" I asked. "No, what is the need? It will always be several lines and we will just check whether it works correctly!!"
I was amazed!! Is the software industry all about cutting and pasting and customizing? On enquiry I found that this was possibly happening in many places. Under time pressure, software developers do not have time to write code or even check the code inside out. They reuse uncertified code from the Internet!!
What are the disadvantages of this approach?
Firstly, there is no guarantee that it will work in all situations. Sometimes code written by somebody else may give unexpected results. Secondly, you cannot document the code in your own style because you do not know what it contains. Third is the question of copyright. Finally, you may end up with a product containing thousands of lines of code, which violates copyright laws. Also, continuous use of such code degrades your coding skills.
But the worst of this is the security aspect. The code you download may contain malicious instructions. Such code may do a lot of unwanted things at unwanted times, like transferring information from your site to somebody else, stealing your mailing list, or displaying an advertisement. Also, even if it is not malicious, the code may not be secure, leaving it open to attacks.
So what are the precautions to be taken?
1. Before reusing a large number of lines of code, make sure that the code is from a trusted source and that it does not infringe intellectual property rights.
2. As far as possible, inspect the code to understand its structure, and document it according to your company's standards.
3. Scan the code for any insecure elements or malicious code. A security expert can do this before the code is approved for reuse.
4. Put such trusted code in your code library so that it can be reused with confidence next time, clearly documenting the source, the name of the person who downloaded it, and comments.
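One way to keep the code library from precaution 4 honest, as an added example that is not part of the original post: each entry records the source, the downloader, the reviewer and comments, plus a SHA-256 digest of the exact bytes that were inspected, so a copy that was never reviewed or was changed after review is caught before reuse. The function names, field names, sample snippet and example.com URL are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class LibraryEntry:
    source: str         # where the code was downloaded from
    downloaded_by: str  # name of the person who downloaded it
    reviewed_by: str    # who inspected and scanned it (precautions 2 and 3)
    comments: str
    sha256: str         # digest of the exact bytes that were reviewed

def digest(code: bytes) -> str:
    return hashlib.sha256(code).hexdigest()

def register(library: dict, name: str, code: bytes, *, source: str,
             downloaded_by: str, reviewed_by: str, comments: str = "") -> LibraryEntry:
    """Admit reviewed code to the library; refuse entries with missing provenance."""
    required = {"source": source, "downloaded_by": downloaded_by,
                "reviewed_by": reviewed_by}
    missing = sorted(k for k, v in required.items() if not v.strip())
    if missing:
        raise ValueError(f"{name}: missing provenance fields: {', '.join(missing)}")
    library[name] = LibraryEntry(source, downloaded_by, reviewed_by,
                                 comments, digest(code))
    return library[name]

def check(library: dict, name: str, code: bytes) -> str:
    """Classify code about to be reused against the reviewed copy."""
    entry = library.get(name)
    if entry is None:
        return "unregistered"   # never inspected: run precautions 1-3 first
    if digest(code) != entry.sha256:
        return "modified"       # differs from what was reviewed: re-inspect
    return "ok"

# Constructed sample: a snippet as reviewed, and a later copy with one added line.
REVIEWED = b"def slugify(s):\n    return s.lower().replace(' ', '-')\n"
CHANGED = REVIEWED + b"# line added after review\n"

def demo() -> list:
    library = {}
    register(library, "slugify", REVIEWED, source="https://example.com/snippets/slugify",
             downloaded_by="A. Developer", reviewed_by="S. Reviewer",
             comments="licence checked; no network or file access")
    return [check(library, "slugify", REVIEWED),
            check(library, "slugify", CHANGED),
            check(library, "left_pad", b"...")]

if __name__ == "__main__":
    print(demo())
```

Running `check` in a build or pre-commit step turns the library into an allow-list: anything not "ok" goes back to inspection instead of into the product.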