The Human Side of Security and Performance

Posted by jcherreram on October 3, 2007 at 10:30 PM PDT

People always ask me about the meaning of the "Human Side" of Security and Performance.

On the performance side, common mistakes are poor algorithm design, incorrect use of try/catch, and primitive debugging techniques (a lot of "System.out.println"). The issue is not in the JVM; it is "between the keyboard and the chair".

A performance-tuned programmer is more important than a performance-tuned application, so profiling tools are just a medicine.

On the security side, programmers don't feel responsible for being aware of security, and the chance of "producing" vulnerabilities doesn't matter to them. It is important to know that cryptography, or any other security technology, will not work if you don't know how to use it properly.

No other IT role or profession has the same chance as programmers to become real security experts.

People are not robots; they are human beings, and learning technologies is not enough to reach good levels of security and performance. It is necessary to instill in developers the principles, techniques, methods, etc. needed to produce well-written, secure and performant software.

Java has a lot of security and performance features, but it is necessary to learn a little beyond a tool or an API.

I will write more about Security and Performance... but with the "human side" in mind.

