Devoxx keeps growing in its role as a window on the newest evolutions in the mainstream software development world. Its original core is still going strong – the Java platform – but increasingly the event makes room for additional subjects, such as additional languages, frameworks, technologies… Last year, it put Scala in the spotlight as a post-Java language, while this year attention is drawn to the emerging ‘NoSQL’ data technology movement.
Without abandoning Java, the growing interest in other languages at Devoxx is eminently appropriate. Increasingly, developers are encouraged to use the right programming language for creating specific pieces of an application. Say, the right language at the right spot at the right time. That makes sense, as today applications often are assemblies of collaborating parts (or services).
Therefore, developers must be aware of the importance of being well versed in several programming languages, of being multilingual. Actually, that’s being doubly multilingual, as developers should preferably also learn the ‘language’ of the people on the business side of the company.
Clearly, this requires an increased flexibility on the part of the developer, and a solid grounding for this should be laid during his or her initial studies, as well as kept up in an unending process of additional schooling and training. Devoxx plays an admirable role in this process. Luckily, integrated development environments increasingly support multiple languages, making life easier for developers. However, the bottom line is clear: the era of ‘one language fits all’ has come to an end and developers really should take that to heart.
About secure software
If I could have wished for more attention at Devoxx for a particular subject, that would be ‘developing secure software’! This is truly another aspect that developers should take to heart. As it is, there are hardly any presentations at Devoxx specifically covering this subject, and more’s the pity. Actually, the only security topics in the schedule of Devoxx relate to access management (such as ‘UMA j – an User Managed Access framework’, and ‘Open Source authentication and authorization’), with nothing being said about e.g. hardening web applications against attacks. Amazing, considering that web applications are at the heart of Devoxx, with presentations about their development, deployment and management, as well as the whole supporting ecosystem of tools and technologies.
Unfortunately, plenty of web applications – new and old ones – suffer from dangerous weaknesses, as was yet again made clear by a study, the ‘2010 Data Breach Investigations Report’ by Verizon Business. This study reports on the forensic investigations by Verizon and the US Secret Service (the law enforcement unit fighting cross-state financial fraud) of actual breaches, including the attack pathways. In no less than 54 % of all breaches in this report, web applications provided the path of attack (or were part of it)! Together, these attacks were responsible for 92 % of lost records. A major culprit is – and has been for the past 10 years – SQL injection (a problem in 25 % of all breaches, responsible for 89 % of all lost records). As a result, security guru Peter Tippett of Verizon Business implores developers to perform at least a lightweight test on all applications (rather than limit testing to the most mission-critical applications) for the more common types of hacking (such as SQL injection). Even better would be to design applications from scratch with a view to security, as well as rendering every component as secure as possible. Even in agile development environments, where probably not all requirements are known to the developers, designing and testing for security should form an integral part of the development process.
Continuing problems with web applications will hamper the growth of e-commerce and other e-activities, impacting in its turn the fortunes of the software development industry and its developers. So don’t spoil a good game for yourself: pay attention to secure software, and go for a security development lifecycle when developing your software! Meanwhile, keep your mind open and enjoy Devoxx.
Test all applications for the more common types of hacking.