'Fixer-developers' needed for web apps (scmagazine.com.au)
5 points by outside1234 on Oct 12, 2012 | hide | past | favorite | 3 comments


> "You won't find good engineers interested [in fixing vulnerabilities]. It's a waste of their talent."

> "He said engineers dedicated to coding will not devote time to fixing bugs."

Unless he meant to say finding the bugs or doing quality assurance, this is very elitist. Engineers dedicated to coding should fix bugs they themselves created, because it means they know the source code better than anyone, and will be able to do so with minimal effort and minimal side-effects.

Saying it's a waste of their talent made me puke a little. Coding is fixing bugs. It's a big part of development, and often takes the hardest work or most thinking. You can't just start throwing code around and expect someone else to come around and fix your bugs for you. That's ridiculous and will probably result in a culture where new bugs are created faster because there's no responsibility.

> "You have to analyse the vulnerabilities of these apps and understand attacks, at a very fast speed. We don't have that time anymore."

If you're coding a web app and you're (calling yourself) a top-notch engineer, you should understand the basics of web app security, and how to avoid the top attack vectors such as XSS, SQL injection, XSRF, etc. You really have no excuse for not knowing about them, and should code the app from the ground up to avoid these vulnerabilities. Saying it'd be a waste of talent just doesn't make sense, because if you have any talent in coding, then you know about these, and you know how to code the app without creating them. It's like a reflex.

My conclusion: this CEO Philippe Courtot is full of shit.


> He said engineers dedicated to coding will not devote time to fixing bugs.

That's so corporate. An engineer will do whatever is necessary to make the goddamn thing work properly.

I briefly worked at the software production division of some corporation. They had a funny attitude. They were building their apps in the scrum process, fixing bugs as they went (reluctantly, because there were no story points for bugfixing, and everyone loves points even though they're just a planning tool, not a performance measure), but when the project was considered done (by whoever made such decisions) it was promptly forgotten, as if it was just perfect. As if they weren't aware that the piece of software they had just architected and engineered is a bug-ridden piece of crud, as every piece of software is until you spend at least a year with your users weeding bugs out.


"You won't find good engineers interested [in fixing vulnerabilities]. It's a waste of their talent."

If developers know that they'll have to fix their own bugs, hopefully they'll be more careful and there will be fewer bugs. Also, developers fixing bugs in their own code are less likely to introduce additional bugs than people fixing bugs in code they don't know well.

Also, if these developers are really so talented, why do they write code that's full of vulnerabilities?



