Russel Fernandes
Jul 21, 2017 · 1 min read

Thanks for writing the article; the issue is well explained.

But no excuses for the sloppy programming, or the sloppy code reviews and lack of thorough testing. See the results when you allow for this?

Also, this has nothing to do with old-school financial systems programming versus more recent web-based, CI/CD-based releases. This is just sloppy stuff. Banking, Payables, Receivables, Payroll, Insurance systems, either contained within corporate networks, integrated with external systems, or opened to web customers, can’t tolerate this poor programming and thus understand the risks and take care to test, test, test.

Negative testing, code reviews by a portion of the testers not embedded in the code asking perfectly challenging questions of the programmer/s and other reviewers: “explain to me how this cannot occur…”, “show me what happens if someone decides to…”, “…can something just like a SQL injection in any function call wreak havoc?” etc.

While the business functions and industries mentioned above are mature in terms of the process and systems supporting them, this problem is less of a web thing than it is a lack of maturity and application of rigor in software development…which may now pay the highest price unfortunately with permanent loss of consumer faith.
