Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Bug Programming Security

October, November the Worst Months For Writing Buggy Code 136

chicksdaddy writes "Data from application testing firm Veracode suggests that the quality of application code submitted for auditing is pretty much constant throughout the year — except for the months of October and November, when the average density of vulnerabilities in the code jumps considerably. But why? Is it the pressure of deadlines? The stress of developers' lives (kids back to school, etc.)?"
This discussion has been archived. No new comments can be posted.

October, November the Worst Months For Writing Buggy Code

Comments Filter:
  • by Anonymous Coward on Tuesday December 20, 2011 @04:37PM (#38440450)

    Why do they warn us in December?

    • by M. Baranczak ( 726671 ) on Tuesday December 20, 2011 @04:44PM (#38440540)

      So you have ten months to prepare.

      I bet if we all work hard, we can produce even more bugs next October.

      • Re:A little late? (Score:5, Insightful)

        by Laz10 ( 708792 ) on Tuesday December 20, 2011 @05:17PM (#38441038)

        Looking back at my invoices, I can see that I usually work more hours those two months than any other months of the year.
        I also get depressed from lack of sunlight in the dark Scandinavian autumn days.

        On the other hand a total of one (and that was some trivial layout) bug was reported on the code I coded and shipped in that period this year.

        Maybe the bugs are only found later?
        That also suggests that the bugs found in October and November was introduced by the interns during the summer vacation?

        • Or the group is tackling more complex things in those months. Tester is working like crazy so he doesn't have to work late near Christmas etc. Maybe you release in the new year and everyone is focused on finding and fixing bugs rather than writing new code. A sample of one company (how many products?) probably isn't sufficient. That said I've spent the last couple weeks tracking down one nasty bug, but its December ...
          • Re:A little late? (Score:5, Insightful)

            by tlhIngan ( 30335 ) <slashdotNO@SPAMworf.net> on Wednesday December 21, 2011 @02:38AM (#38445502)

            Or the group is tackling more complex things in those months.

            Easy - it's the holiday season.

            Or you have to realize that October is Ship Month(tm). If it's a physical product that goes in stores, it means the product is sitting in the factory waiting for the software to go on them (it takes many months to get stuff manufactured from component ordering and lead times to physical assembly, so it happens during software development). The code has to be shipped by end of October so the factory has November to program and ship the product to the distributors and then to retailers by December to be on the shelf.

            And that's if they're fast at doing so - most of the time, the product can't be assembled and shipped because all factories are busy, which means what goes on them is a test firmware that downloads the latest on bootup. (Ever notice how many things do a firmware update when you first turn them on? That's why). In which case the deal is to have it ready by shipment in November.

            If your product is software, but has a physical element (like a disc) then your timelines are still short as you have to ship *something* by October to the presses, and then you patch it during October/November while you wait for the discs to come back so you can ship for the holidays. And the goal is to have something

            If your product is purely Internet download, then you need to compete with approvals and all that but that means you have all through October and November to squash bugs. But with any fixed ship date, well, squahing one bug can introduce two more.

            It's because of the holiday seasons that people are furiously fixing and finishing software. No wonder that there's more bugs - people are doing more "quick fixes" that may not be properly tested in order to ship.

            • Hmm. Not sure but I think your timeline is off here. In the US/Canada at least everything has to be out by the US Black Friday. Which is in late November. But you need to press a copy, get it back to the person making the product, confirm it is right, mass produce, ship to stores, stock shelfs etc all before. I suspect to make that deadline your looking at more of a end of September cutoff for development work.
        • Or maybe that's when more newly hired programmers (from last spring's graduating class) are first allowed to put code into the repository (or production).

          • You guys have it all wrong. Oct/Nov are the "Worst Months For Writing Buggy Code". As in, if you want to write buggy code, october and november are the worst times to do it.

          • Aw, don't say that! I just committed my first bit of code to the repo last week, and deployed to prod this week.
            • Well, you may a little slower than the Oct/Nov kids. Of course, statistically, you may have fewer bugs.

    • They had to pass the warning through Q&A to make sure it was not buggy.

  • Worst month for writing buggy code? What's worse about writing buggy code in those months versus writing buggy code in any other month?

    • by ackthpt ( 218170 )

      Worst month for writing buggy code? What's worse about writing buggy code in those months versus writing buggy code in any other month?

      It's a good question. Distraction of holidays, travel, stress, Greg Bell and his festival of tired and oft-repeated Christmas Specials on Sirius/XM,
      with possibly a little monetary discomfort as coders discover there's no bonus (for them like the other of the 99%), possibly also being dragged from your work, constantly for work parties so you lose track of those little things you needed to address before rolling out the final code.

      I generally find Winter (northern hemisphere) is great for coding, wh

      • "little monetary discomfort as coders discover there's no bonus (for them like the other of the 99%)"

        I'm part of the "99%" and I get a healthy bonus. It all depends on who you work for.
    • Q3 financials are in, so the corps put on extra pressure in the last month to close out the fiscal year on a high note.
      • by geekoid ( 135745 )

        Isn't the financial YE in June?

      • Many companies in the US start the fiscal year in October matching the fiscal year of the US govement. The United States government fiscal year for 2012 ("FY 2012" or "FY12") is as follows:

        1st Quarter: October 1, 2011 - December 31, 2011

        2nd Quarter: January 1, 2012 - March 31, 2012

        3rd Quarter: April 1, 2012 - June 30, 2012

        4th Quarter: July 1, 2012 - September 30, 2012

    • by mwvdlee ( 775178 )

      According to http://en.wikipedia.org/wiki/Insect_winter_ecology [wikipedia.org], many bugs either migrate or hibernate during winter.
      With less bugs available, incorporating them into your code is much harder.
      A corollary of this is that the harder it becomes to find bugs, the less bugs there will be in your code.
      I wonder what months would be worst for writing buggy code in the southern hemisphere.

  • by DJ Jones ( 997846 ) on Tuesday December 20, 2011 @04:39PM (#38440478) Homepage
    You guys have kids?
    • Re: (Score:2, Troll)

      by ackthpt ( 218170 )

      You guys have kids?

      Revoke their geek cred, unless they're schooling their kids in the finer points of science and technology.

      • by Anonymous Coward on Tuesday December 20, 2011 @05:17PM (#38441030)

        Seriously? You haven't forked off a child and dealt with real process management issues or handled dirty log files until you've installed mini_me 0.2. And don't even get me started on working out the upgrade path to teenager 0.8. I'll guess you haven't even upgraded your personal operating system to the point where it's compatible with wife 1.0, heck you probably haven't even found a place to download girlfriend 0.3 let alone figured out the sweet_love module. Revoke my geek cred? Yeah right.

        • by Anonymous Coward

          you probably haven't even found a place to download girlfriend 0.3 let alone figured out the sweet_love module.

          Gives a whole new meaning to modprobe...

    • by Baki ( 72515 )

      I have two teenagers. But to my defence: when I joined slashdot in 1998, I didn't have any children yet.

  • by Anonymous Coward on Tuesday December 20, 2011 @04:39PM (#38440482)

    Okay like so many other Slashdot readers, I only read the headline...so what month is a GOOD month in which to write buggy code?

  • by willaien ( 2494962 ) on Tuesday December 20, 2011 @04:40PM (#38440494)

    Are there other jobs that have their job performance drop considerably during these two months?

    If not, what can be used to explain this anomaly? Bogus study? Something unique to programmers?

    Is it consistent throughout IT? Are there more reliability issues that can be traced to those months?

    • alcohol?

    • by Moryath ( 553296 )

      Maybe it's the rush of deadlines to get product out for the holidays?

      For instance, Bethesda. Skyrim comes out, they obviously should have taken a couple more months to bug-test given everything that's being found in the game constantly breaking - but they wanted it out early November so they could get the holiday sales.

      • So you're blaming the VGA awards? They only stuck to 11.11.11 to make it in time for a 2011 game of the year award, and someone there is crazy about numerology.
        • by Moryath ( 553296 )

          Not the VGA awards - just the holiday shopping cycle in general. Companies are desperate to make their product the "hot christmas gift title", because it increases sales - shipping a buggy product is no big deal to them in the modern "ship now, patch later" ecosystem of Xbox Live, PC, and PS3. Wii isn't much better, sure there's no "ship now patch later", there's just "ship now and if there's a game breaking bug, too fucking bad" like we saw with Metroid: Other M.

      • by vlm ( 69642 )

        Skyrim comes out, they obviously should have taken a couple more months to bug-test given everything that's being found in the game constantly breaking

        Whats broke? My only problem is the sound is correct, but the volume level is at least 30 db lower than every other game / music player on the machine. At first I thought it was just quiet, like those people that whined all the time about Doom 3 being dark, well, yeah, its supposed to be dark. Maybe skyrim is just in its quiet place. Yet I hear (pun) some people claim the sound is fine and perfectly normal, which is confusing to me. Also I hear all this stuff about just configure my sound for surround

        • by Moryath ( 553296 )

          Whats broke?

          Obviously you haven't been to the Bethesda forums lately.

          Seems like half the quests have quest-breaking bugs in them, the quest-givers are randomly killed off by rampaging dragons in the middle of missions or are killed by "other" quests that pop enemies up near quest givers (one of them comes to mind during the mage's guild story arc in nearby Winterhold). There are a whole host of quests that get un-droppable items "stuck" in inventory permanently, using up precious carrying capacity.

          And then

          • by vlm ( 69642 )

            Hmm I haven't run into any of that. I think I know the part you reference in the mage quests, where the "things" infest the village and you and some of the mages (faralda and friends) help the townies by wiping out the "things". I remember thinking this is all very nice, but if I F around instead of wasting the "things" and as a result faralda or whatever her name is gets killed off, then I'm going to have no one to train me on destruction spells, so I got it in gear before anyone got hurt, and all ended

            • by Moryath ( 553296 )

              Hmm I haven't run into any of that.

              Lucky you.

              I think I know the part you reference in the mage quests, where the "things" infest the village and you and some of the mages (faralda and friends) help the townies by wiping out the "things". I remember thinking this is all very nice, but if I F around instead of wasting the "things" and as a result faralda or whatever her name is gets killed off, then I'm going to have no one to train me on destruction spells, so I got it in gear before anyone got hurt, and all

        • I just ran into a bug during the Greybeards quest line. I don't want to ruin it if you haven't gotten there yet because I think it's actually a cool story, but I'm basically supposed to travel back in time and observe something (in cinematic form), then I get popped back to the present for a fight and the rest of the story.

          Long story short, after six or seven resets I could never get the cinematic to happen. It would animate the time travel, but then I would just sit there. None of the things I was sup

        • by geekoid ( 135745 )

          Many quest are broke. And no a little broke. Saved in the middle of a quest? well 'now you can't finish' kind of bugs.
          Other bugs I have had to find some pretty ridiculous work rounds.

          You derisive remark about torrent was childish.

        • Or: Skyrim comes out, coders play Skyrim too much, don't get much sleep, write buggy code.

        • The controls on the PC in the menus were more sluggish until a few updates ago and they adjusted some of the key bindings to be more in line with typical PC games in terms of navigating the menus. I've also ran into the bug where you can't exit a conversation with someone by pressing tab and have to click on the icon of the tab key in the bottom right of the screen to exit the conversation.

          This is one area where Steam is certainly nice since it automatically updates; I just happen to notice the version numb

      • No offense to BeTheSoda, but they had 7 years.

        A. Great game
        B. Ported from console moderately buggy, buggier for some than others it seems.

        I wouldn't blame the holidays, corporate politics = #1 reason for bugs.

        • by geekoid ( 135745 )

          If Holidays where the reasons for bugs and Bethesda, then Bethesda would have to have Christmas everyday.

      • Well, that's only for commercial software that will see a holiday release.

        This article referred to security vulnerabilities... though, it's unknown if it's commercial software, in-house software, etc. that would have such deadlines.

        The article's take on it was increased stress due to school starting back, etc. Which would affect more than just IT/Development.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      I work for a large utility company. We see a significant increase in injuries and accidents during these months as well. I don't have the numbers and graphs with me, but it's been notably consistent over the past 8 years.

    • by plopez ( 54068 )

      SAD?

    • Are there other jobs that have their job performance drop considerably during these two months?

      If not, what can be used to explain this anomaly? Bogus study? Something unique to programmers?

      Peanuts grow best in the months just prior so peanuts are in abundance.

      You pay peanuts, you get monkeys!

  • People are hired in June, after graduating, and after company introductions their first code is completed in September?

  • This means programmers are aware of lack of sun? Or is it the compounding effects of eating too much of that retched chocolate and other things found around the office during holidays? I know my stomach is doing somersaults right now and a package filled with more treats is winging its way to my from my family.

    Deck us all with Boston Charlie .. Walla Walla was and Kalamazoo.

    • I think this is likely a good part of the reason. In the northern hemisphere where most of the programmers are (since that is where most people live), the days are getting noticeably shorter and colder. A lot of people suffer to some degree by seasonal affected disorder making them more lethargic than normal. Then combine that in some businesses where they are trying to get code related to consumer goods out for black Friday and Christmas season in general. Sleepy overworked programmers, sleepy overworked t
  • by account_deleted ( 4530225 ) on Tuesday December 20, 2011 @04:46PM (#38440568)
    Comment removed based on user account deletion
  • TAXES

  • by slowLearner ( 2498468 ) on Tuesday December 20, 2011 @04:48PM (#38440600)
    don't you mean "Oct, Nov. best months for writing buggy code"? I would think it would be the "Oct, Nov. worst months for writing non-buggy code".
    • by Old97 ( 1341297 )
      I was gonna say. I find that my bug productivity - buggery, you might call it - goes way up in these months. They are great months for writing buggy code.
    • by Anonymous Coward

      No, they're the worst months for writing buggy code because according to TFA, bugs written in those months get discovered in auditing. Who wants that?

  • Budgets, schedules (Score:5, Informative)

    by br00tus ( 528477 ) on Tuesday December 20, 2011 @04:49PM (#38440614)
    Most businesses I've seen, a list of things to do is drawn up in the beginning of the year and set as a goal. Achieving those goals goes into consideration for how one did in a year, bonus, next year's budget etc. The list is usually unrealistic due to pressure from above (or other executives whose title may be the same level as the CTO/CIO, but who are for all intents and purposes, at a higher level due to being so-called "profit centers"). The code base being built on is usually old and broken, the equipment it runs on not the best, the team so-so with a few bright people, and a lot of dumb managers. Things not counted in the schedule are long-time experienced employees getting fed up and leaving, equipment breakdowns, bugs and emergencies that have to be dealt with, or business units who change what they want all year long from the original specification. Plus other things - a third party product is bought, and is very difficult to integrate in the existing system, with more time than initially planned for. By October not many things on the year-end checklist are done and the CTO starts having meetings and banging on the table that he needs checks on the lists to show the CEO what his team has done this year. So people stop writing good, long-term code and start writing crap, so they can check off the list for the end of the year. Things slow down by the end of December, that a few things on the list won't get done becomes accepted, people go on Christmas vacation. That's why bugs go in in October/November.
    • I agree, for additional reasons. Large software projects generally have an end-of-year goal, because of both year-end financial goals and spending habits of customers - money that needs to be spent by the end of the year. Coding needs to be finished in time for QA and config to do their work. Thus, Oct and Nov.
  • Collage grads get hired in June and July and get about 3, 4 months under their belt get use to what they need to do and start getting a little sloppy.
    Also there is the rush to get the project out before the end of the year.
  • From experience (Score:5, Interesting)

    by james_van ( 2241758 ) on Tuesday December 20, 2011 @04:50PM (#38440638)
    Couple of reasons from the office I work at - end of year deadlines means code gets rushed in Oct/Nov in order for testing and review before Christmas. Also, those of us who haven't taken all of our vacation time yet are forced to take time off, disrupting projects. Last minute client changes (to the projects due at the end of the year) add to the pile. And, the stress of the holidays plays a part as well (mostly because we're asocial geeks who are dreading the onslaught of family get-togethers and forced social situations). Usually by December, we've got our projects off for review and testing so there isn't much code being written, and the code that is being written is in response to problems and is a chance to take rushed, bad code and make it a little bit less bad. That's my little piece of anecdotal evidence.
  • Comment removed based on user account deletion
  • October and November tend to be when rumours about not getting Christmas bonuses start circulating.
    • by mark-t ( 151149 )

      I would think that a rumor about not getting any christmas bonus is roughly equivalent to a rumor about the sun being brighter than the moon.

      In order to qualify as a "rumor", I'm pretty sure that there should remain even an inkling of doubt on its veracity.

    • and what better way to make those rumours come true by slacking off!
  • by mark-t ( 151149 ) <markt.nerdflat@com> on Tuesday December 20, 2011 @04:55PM (#38440702) Journal

    All you need to do is simulate the four wheels, and add a rigid body that can be approximated to a box for the main chasis. If you want to get fancy, you can use a polygonal mesh. Then you can use any old physics engine, and presto... you have a buggy.

    It's writing the code for the horses that's a real bitch. There's AI and stuff, and figuring out how the horse should react emotionally to various situations... THAT'S one hell of a challenge.

    • by lennier ( 44736 )

      All you need to do is simulate the four wheels, and add a rigid body that can be approximated to a box for the main chasis. If you want to get fancy, you can use a polygonal mesh. Then you can use any old physics engine, and presto... you have a buggy.

      Yes, but getting buggy whips right seems to be are whole lot harder, since all the vendors keep going out of business.

  • Its probably the rush to make it to market for the Christmas season, "doing whatever it takes" to meet the deadline, code for "taking shortcuts" and "cutting corners". This phenomena is especially applicable to video games.

    Another manifestation of the pressure to ship for Christmas is moving features from the original launch of the game to the expansion pack.
  • Many shops have a code freeze prior to the new year so there's a big push to get things in. SQA falters.

  • for writing bad code?
  • october, november are the months when the weather gets noticeably colder, then cold. and with this progression, not only people but all biosphere (animals, trees, insects) start preparing for winter. everyone gets their biorhythm reduced by the cold, people inevitably start shutting in, everyone turns introvert.

    the secret here lies in the fact that it is a transition period - from autumn, to winter - once the process completes around december, and biology of the organisms are used to cold and comfortable
  • From TFA:

    I saw an average flaw density of 24 flaws per megabyte of executable code and a median flaw density of 3 flaws per megabyte of executable code.

    Seriously? I don't claim to be learned in the art and science of software QA, but WTF is up with this? Apparently, a relative handful of programs are pulling the average quality way, way down. Is there no way to identify these abortions and abort them?

    • by lennier ( 44736 )

      Apparently, a relative handful of programs are pulling the average quality way, way down. Is there no way to identify these abortions and abort them?

      Anything from Adobe.

      What worries me is not so much how much buggy code is written, but the fact that we still don't seem to have any way of detecting buggy code before it ships. (And yet the black hats are consistently able to detect these flaws after the writers ship the flawed code). I'm talking basic fundamental things like "does this code allow buffer overruns". You'd think after 60-odd years of compiler design that there'd be at least some kind of mechanical way we could prevent these whole classes of

  • One of the most frustrating things to deal with as a game developer is the tendency for publishers to try very damn hard to hit a Christmas shiping target. To get through the lot check / TRC process, you pretty much have to be finishing up by September or October. That leaves November for going in and out of lotcheck and giving enough lead time to manufacture the game (if your not shipping a digital product).

    For any software project that is tied to a consumer retail project, your probably going to have to h

  • by Anonymous Coward
    > October, November the Worst Months For Writing Buggy Code

    As someone who strives for buggy code, what are the best months for producing such code?
  • For me, this year, October and November would be buggier, as a result of missing three paychecks (i.e. inability to focus, working for free).
  • by Anonymous Coward

    * It's shitty outside.
    * You want to get home before it's dark, so you leave early.
    * The whole office is getting sick.
    * Every freaking thing is due at once.
    * Half the people on your team are on vacation.
    * The other half of your team hasn't had a day off since June.
    * You're distracted by the holiday insanity.
    * You are suffering from SAD.
    * Kids school activities are peaking.
    * You just gained ten pounds in one week, and you're depressed about it.
    * You've switched to your winter beer choices, which are like doub

    • - planning meetings for Christmas.
      - planning/budget meetings for next year.
      - internal audit.
      - External audit.
      - project wrap ups for stuff that finished mid-year.
      - Cup day
      - footy finals.

      Indeed the lead up to the end of year is so full of management lead distractions that quality time is as rare as can be. Seasonal distractions vary from region to region, but checking the corporate calendar, it always seems to be a holiday or festival somewhere.

      (dam It's too early to be posting here)

  • I blame all the holiday food in the office. Starting out with the candy that appears in early October and ending with the foodfest of Thanksgiving. December is more about running around buying stuff than it is eating, so no half-stuffed sleepy coders are missing semi-colons right now.
  • "When I told you 'thirty days hath September,' I didn't HEX!"

  • just not the developers' kids. it's the problem of developers who are kids. they get hired in may. write some prototype in 1 month and then spend 3-4 months trying to extend it just to find out that writing "just code" doesn't scale too well.
  • bad heading (Score:5, Informative)

    by roc97007 ( 608802 ) on Tuesday December 20, 2011 @07:46PM (#38442858) Journal

    Should read "October, November are the *best* days for writing buggy code." They're the worst days, apparently, for writing bug-free code.

  • That's around the time of the year I'm most often to get sick. When I feel like shit, I don't think/care at a normal capacity. For me, it's all about trying to stay healthy. Of course, it doesn't help when you're working with a bunch of sick coworkers..

  • Stop letting the Amish programme, dammit!

  • ... join the companies and start to write codes?
  • It comes down to Stress. The Months October til early-mid decemer are the most stressful throughout the year when everyone wants to finish everything before the christmas new year period. More stress means more buggy code due to the creative work involved in coding and software design generally.

  • Thats when the beer is freeflowing!!!
    Free as in beer I say!

Most public domain software is free, at least at first glance.

Working...