Juan Carlos Herrera's Blog

The Human Side of Security and Performance

People always ask me about the meaning of "Human Side" of Security and Performance.

About Performance common mistakes are poor algorithm design, wrong use of try/catch, primitive debugging techniques (a lot of "System.out.println"), etc...is not an issue in JVM is "between the keyboard and chair".

Performance-tuned programmer is more important than performance-tuned application, then Profiling Tools are just a medicine.

About Security, programmers doesn't feel the responsibility of be aware about security, the chance to "produce" vulnerabilities doesn't matter. Is important to know that cryptography or any security technology will not work, if you don't know how to use properly.

No other IT role or profession have the same chance to be a real expert security than programmers.

People are not robots, are human beings and learn technologies is not enough to get good levels of security and performance. Is necessary to inculcate to developers principles, techniques, methods, etc to get well-written security & performance software.

Java has a lot of security & performance features, but is necessary to learn a little bit beyond a tool or API.

I will write more about Security and Performance...but, with the "human side" in mind.

Comments

• I'm completely agree with you. Thanks for comment

  Posted by: jcherreram on October 04, 2007 at 08:31 AM

• I do think performance is an important issue, which must be observed from the beginning. But I also think that 'performance-oriented programmers', will just make hard-to-understand designs for the sake of maximum performance.

  The balance between the two (and many others) aspects is what is important, and profiling tools are really useful tools for finding the sweet spot. It's just that you must not rely only on them instead of really knowing what you are doing.

  Posted by: ronaldtm on October 04, 2007 at 04:54 AM

This work is licensed under a Creative Commons License.