Five Tasks Developers Love to Hate
Tips for keeping developers happy.
It’s been said that software developers and artists have a lot in common. Both groups share a particular love for their craft and often throw themselves wholeheartedly into new projects, passionate about putting together the secret sauce to create the next great thing. Unfortunately, it’s not all unicorns and rainbows.
Along with the rush that comes with the tasks developers love, such as blocking a potential hack with a few nifty lines of code or releasing the app that will take humanity one step closer to Mars, come those mundane tasks that leave many with an itch to run for the hills.
In hopes of learning more, and maybe coming up with a way to relieve developers from their urge to flee, I ventured into our R&D cave to ask developers which tasks they absolutely hate. Their answers were diverse and provided me with more than enough gripes to launch a monthly newsletter.
Here is a list of five of those tasks that developers just love to hate, along with some suggestions for alleviating the pain.
#1 Testing: Making Security Part of the Dev Game
In the olden days, developers weren’t expected to test. That was the QA team’s job after the product was created, and developers weren’t crazy about that phase, either.
While most developers still hate testing their software, the adoption of Agile and DevOps methodologies requires that software development outfits stop relegating testing to a separate phase and team. If you want to develop products at a steady pace, without sacrificing quality or security, test your code before you pass it on.
In recent years, developers have taken over more of the vulnerability management responsibilities within their organizations, catching issues early and fixing them before they cause bottlenecks ahead of a release.
Today, not writing tests for your code is considered irresponsible. As one of our seasoned developers told me, “Testing is a religion you have to practice.”
#2 Documentation: What Up, Doc?
Clearly, developers would rather code than sit around and summarize it after they are finished. There is a never-ending list of reasons for developers’ aversion to the task.
While there’s no argument that writing and maintaining documentation takes time, it also saves a lot of time in the long run.
First, it helps make the onboarding process quicker and easier, and second, it helps other maintainers and developers to build and enhance the original project. Think of it as helping your future self, employee, or teammate continue to build the project.
#3 SAST Reports: Keeping Source Code Clean
SAST (Static Application Security Testing) tools are among the application security tools that have become extremely popular over the past few years with security teams interested in covering their proprietary code.
While we can all agree that shifting security testing left, as SAST tools do, is important for saving the time and effort of putting out security fires later on in the game, the developers on the ground have some other thoughts.
Since SAST tools detect vulnerabilities in proprietary code by scanning code for potential flaws that are indicative of security vulnerabilities, they leave developers with an often mind-numbingly long list of potential issues to sift and sort through post-scan in order to determine which are false positives and which actually need attention.
As developers are already buried under a mountain of security alerts, dealing with a list of potential risks in an attempt to rule out the false positives rather than addressing actionable alerts is clearly not how developers prefer to spend their workday.
#4 Open Source Security: A Brave New World
Everyone loves using open source components. What’s not to love? Backed by a community of hardworking coders, and often some of the software industry’s heaviest hitters, open-source code has become a basic building block in all of our software products. It helps us create and maintain projects faster, leaving us the time we need to add our company’s own magic touch to the products we deliver.
But — you know there’s always a but — working with open source components also comes with the added responsibility to manage their security. Known vulnerabilities in open source components can’t be tracked or addressed with your everyday suite of proprietary AppSec tools like SAST.
Luckily, as organizations have come to accept the need for securing open source components, the market for SCA (Software Composition Analysis) tools is teeming with automated solutions that integrate into developers’ environments. These tools can alert developers as soon as a vulnerable open source component is discovered in their software, and sometimes even offer actionable remediation insights and prepare automated pull requests for fixes.
#5 Daily Stand-ups, and Let’s Just Say It: All Meetings Ever
The daily stand-up, one of the agile methodologies embraced whole-heartedly across the software industry, is meant to be short and to the point, a timeslot to share pertinent information about a project’s progress and efficiently resolve any potential roadblocks. Alas, the complaints I heard about stand-ups were many, from being scheduled too early in the morning to running way longer than the pre-defined 15 minutes.
It’s ironic that one of the reasons daily stand-ups came about was to cut down on the number of meetings. Sadly, it appears that some companies simply added stand-up meetings to development teams’ already tight schedules without reducing the others.
The best advice I got from one of our top managers is: don’t be a slave to the process. Don’t schedule daily meetings just because “that’s how agile is done.” If you do want a quick, recurring meeting to make sure that things are moving along and all team members are up to speed, keep it short and sweet. At the end of the day, you need to establish a process that works for your team.
Take Developers to Their Happy Place: Simplify Processes
Some say a development organization’s most valuable asset is its developers.
Developers will tell you that their most valuable resource is time.
While all five of the tasks listed here serve an important purpose, they shouldn’t be keeping developers away from their coding for too long. Whether it’s testing for security issues and remediating them as early as possible, or simplifying and speeding up development, there are tools and processes out there that make these tasks simpler.
Organizations that want to stay secure and move at the speed of DevOps should respect their developers’ time and provide them with the solutions that they need to stay in their happy place.