tags:

views:

349

answers:

7
Q: 

Should developers be limited to certain software for development?

Should developers be limited to certain applications for development use?

For most, the answer would be as long as the development team agrees it shouldn't matter.

For a company that is audited for security certifications, is there a method that balances the risk of the company and the flexibility, performance of the developers?

Scope

  1. coding/development software
  2. build system software
  3. 3rd party software included with distribution (libraries, utilities)
  4. (Additional) Remaining software on workstation

Possible solutions

  1. Create white-list of approved software where developer must ask for approval for desired software before he/she can use it. Approval would be based on business purpose/security risk.

  2. Create black-list for software. Developers list all software used. Review board periodically goes over list.

Has anyone had to work at a company that restricted developer tools beyond the team setting? How did they handle the situation?

Edit

Cleaned up question. Attempted to make less argumentative.

+1  A: 

Whatever they do, don't take away the Internet in general. Google = Coding Help 101 :)

Or maybe just leave www.stackoverflow.com allowed haha.

Nick Bedford  2009-09-28 03:57:47
I'd say if you leave Stack and disable google Stack will be flooded by really simple LMFTFY questions :)
freiksenet  2009-09-28 04:00:41
+3  A: 

I think developers should have total control on applications that they use as long as they can do their job with them. Developers' productivity is directly related to working environment and no one will like being restricted and everyone likes to use software they like themselves.

Of course there should be some standards in terms of version control, document format, etc., but generally developers should have right to use any programs they want.

And security should be developer's concern - company admins should care about setting up proper firewall to protect against any kinds of attacks.

freiksenet  2009-09-28 04:04:01
Agree, except for the last bit.
Darryl Hein  2009-09-28 04:09:24
At a project team level, I will concede that restrictions can be made for the project. However I'm more concerned for a blanket policy for ALL teams in the development dept and ways that can be handled.
TJ  2009-09-28 04:33:17
+1  A: 

Of course! If you want a repeatable build process, you don't want it contaminated by whatever random bit of junk a programmer happens to use as a tool to generate part of the code. Since whatever application you are building lasts much longer than anyone expects, you also want to ensure that the tools you use to build it are available for roughly the same duration; random tools from the internet don't provide any such gaurantee.

Your team should say "The following tools are allowed for build steps and nothing else" and attempt to make that list short.

Obviously, it shouldn't matter what a programmer looks at to decide what to do, so the entire Internet is just fine as long as its just-look. Nor does it matter if he produces code by magic (or random tool) as long as your team doesn't mind accepting just that tool's output as though it were written by hand.

Ira Baxter  2009-09-28 04:05:41
The build process shouldn't be done on developer machines! Yes you definitely need to have discipline around shared resources (such as build machines), but that doesn't mean you need to limit what tools the developers can use on their own machines
Orion Edwards  2009-09-28 04:14:12
Sure it does. For any tool that produces code on their machine,if there is any value in running that tool to manufacture new code from inputs, then it will have to go into your build process.If they produce code once and you are happy with whatever got produced (e.g., its ok to edit that by hand), then it doesn't matter what tool they use.
Ira Baxter  2009-09-28 04:24:03
Somebody seems to think I suggested build processes should run (only?) on a developer's machine. Where your build process runs has nothing to do with my answer. (Ours happens to run on both the developer's machine and a build machine).
Ira Baxter  2009-09-28 04:34:55
Don't know why this was downvoted - completely agree with the answer! +1 from me.
Vicky  2009-09-28 09:33:05
_If you want a repeatable build, have a dedicated build machine that you pass a tag/label to your VCS to._ If a developer uses a tool to create some data/code/whatever, either this data is created only once (then it doesn't matter) or it should be create during the build process anyway. If the build process/machine doesn't know about that tool, then the developer is breaking the build anyway. So I see no need to ban unknown tools for this reason. -1
sbi  2009-09-28 09:46:01
@sbi: That's effectively what I said. The only difference is how you enforce "don't use an unknown tool". All too often some programmer does exactly that and creates a dependency ("Well, this tool was cool and helpful, and to back it out I'll require two weeks of additional effort", thus forcing an agonizing decision. No need to have this technical blackmail. Just outlaw them up front.
Ira Baxter  2009-09-28 09:58:17
Ira: I agree about the restrictions on the build machine, but I believe the original question was not about the build machine, but about software to be used by developers. There is a TON of stuff which you may not want on the build machine (texteditors, graphics applications, etc) but that you should still allow your devs to use on their own machines
Orion Edwards  2009-09-28 19:28:12
I'm in total agreement that programmers can do whatever they want, with whatever tool they want, as long as it doesn't turn into something that has to go into the build script. However it is all to common for programmers in their enthusiasm to create a tool dependency without asking that *does* end up in the build script, to the detriment of build management. having committed to perl, I can't tell you how many times I've had to bat down bash, csh, cmd files, sed, or other "gee that was easy, why won't you take my tool?" question.
Ira Baxter  2009-09-28 23:33:29
Yep, having been a buildmaster I've seen my fair share of that too. "Just install cygwin, this custom build of perl, and put these ANT scripts in the system32 folder, install tomcat 6 with the IBM java compiler, and you're good to go!"
Orion Edwards  2009-09-30 00:54:03
TJ's question originally seemed to refer to software that is not directly development related (he explicitly mentioned Pidgin and Chrome). In this form, I would have agreed with Orion Edwards and MusiGenesis.But then he edited it massively, and now he explicitly lists development-related software *first*. This changes everything. Now I'm with Ira.
oefe  2010-08-07 11:59:14
+16  A: 

Limiting the software that developers can use on their work machines is a fantastic idea. This way, all the developers will quit, and then the company won't have to spend as much money on salaries and equipment, resulting in higher profits.

Real answer: NO!!!

MusiGenesis  2009-09-28 04:06:04
I love this answer! It shows the developers' perspective if a bad solution is found. However it doesn't really answer the question... I like to think of a snippet from the base article of http://improvingsoftware.com/2009/09/17/the-unspoken-truth-about-managing-geeks/ "Arbitrary or micro-management, illogical decisions, inconsistent policies, the creation of unnecessary work and exclusionary practices will elicit a quiet, subversive, almost vicious attitude from otherwise excellent IT staff."
TJ  2009-09-28 04:28:26
@TJ: I agree with every word of that quote except "quiet".
MusiGenesis  2009-09-28 04:51:53
I would agree with your answer to the question in its original form. But in its current form, I disagree absolutely.
oefe  2010-08-07 12:04:16
@oefe: perhaps you might want to try a new hobby? I recommend bicycling or remote-controlled model airplanes - anything to get you out of the house. :)
MusiGenesis  2010-08-07 12:27:57
+5  A: 

No, developers should not be limited in the software they use, because it prevents them from successfully doing their jobs. Think about how much you are paying your team of developers, - do you really want all that money to go spiraling down the drain because you've artificially prevented them from solving problems?

1) Company locks down the pc and treats the developer as competent as a secretary

What happens when the developer needs to do something with administrative permissions? EG: Register a COM object, restart IIS, or install the product they're building? You've just shut them down.

2) Create a white-list of approved software...

This is also impractical due to the sheer amount of software. As a .NET developer I regularly (at least once per week) use upwards of 50 distinct applications, and am constantly evaluating newer upgrades/alternatives for many of these applications. If everything must go through a whitelist, your "approval" staff are going to be utterly swamped by just one or 2 developers, let alone a team of them.

If you take either of these actions, you'll achieve the following:

  1. You'll burn giant piles of time and money as the developers sit on their thumbs waiting for your approval team, or doing things the long slow tedious way because they weren't allowed to install a helpful tool

  2. You'll make yourself the enemy of the development department (not good if you want your devs to actually do what you ask them to do)

  3. You'll depress team morale substantially. Nobody enjoys feeling like they're locked in a cage, and every time they think "This would be finished 5 hours ago if only I could install grep", they'll be unhappy.

A more acceptable answer is to create a blacklist for "problem" software (and websites) such as Pidgin, MSN messenger, etc if you have problems with developers slacking off. Some developers will also rail against this, but many will be OK with it, provided you are sensible in what you blacklist and don't go overboard.

Orion Edwards  2009-09-28 04:12:01
This is more of what I'm looking forward to! Keep them coming!
TJ  2009-09-28 04:30:47
I would agree with your answer to the question in its original form. But in its current form, I disagree absolutely.
oefe  2010-08-07 12:02:52
Ouch. I didn't realize the original poster had rephrased the question into something entirely different. Future readers take note!
Orion Edwards  2010-08-09 01:25:48
+2  A: 

I'd say this depends on quite a list of factors.

One is team size. If you have a team of half a dozen developers, this can be negotiated whenever a need for some application pops up. If you have a team of 100 developers, some policy is probably in order.

Another factor is what those developers do. If they compile C code using a proprietary compiler for an embedded platform, things are very different from a team producing distributed web or PC software in a constantly shifting environment.

The software you produce and the target customers are important, too. If you're porting the Linux kernel to some new platform, whether code leaks probably doesn't matter all that bad. OTOH, there are a lot of cases where this is very different.

There are more factors, but in the end it all boils down to two conflicting goals:

  • You want to give your developers as much freedom as possible, because that stimulates their creativity.
  • You want to restrict them as much as possible, as this reduces risks. (I'm talking of security risks as well as the risk to ship non-functioning software etc.)

You'll have to find a middle ground that doesn't hurt creativity while allowing enough guarantees to not to hurt the company.

sbi  2009-09-28 07:11:20
+1  A: 

A better solution would to create a secure independent environment for the developers. An environment that if compromised won't put the rest of the company at risk.

The very nature of the development is to create crafty ingenuous pithy solutions. To achieve this, failures must happen.

Chuck Conway  2009-09-28 09:52:34

related questions

What FoxPro data tools can I use to find corrupted data?
Analyzing Multithreaded Programs
any good tool for makefile generation?
Actual Productivity Gains from Multiple Monitors
Generate Insert SQL statements from a csv file
Improving Productivity of my Teams
Eclipse : Class file name must end with .class exception in Java Search
Why are MSDN subscriptions less expensive in the US?
How do you manage all your projects and ideas?
Geographically Distributed Development
Best Multi-Language Documentation Generator
What code analysis tools do you use for your Java projects?
IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
What are your must-have tools?
Do you have any recommended plugins for Eclipse?
Do you have any recommended add-ons/plugins for Microsoft Visual Studio?
Setting up an Erlang development environment
Auto Generate Database Diagram MySQL
Essential Programming Tools
A good freeware ICL browser?
Monitor a specific RSS
Online Peer Code Review?
Wordpress theme development offline tools
Is there an IDE that provides code completion for Python
Continuous Integration System for a Python Codebase