IT Employment

General discussion


Programming Certifications

By Jeromey ·
Why is it that when a programming position is posted, not one mention of a certification is required? There are many types of certifications for programmers such as MCSD from Microsoft and ColdFusion MX Devloper from Macromedia.

It is unbelievable the amount of certifications that a Network Engineer, Systems Administrator and even a Helpdesk Support Administrator are required to have.

Here is my thought. Maybe a programming certification would help alleviate some of the buggy applications that are produced every day. I'm not talking only about Microsoft apps either.

If you look at site, you will find many applications with problems from DoS to Cross Site Scripting vulnerabilities.

I think that if these programmers would be more trained, buggy software would be minimized.

The open source community does a really good job at finding and resolving issues with buggy software. Other application vendors should do the same.

My views
[Jeromey Hannel]

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Other variables

by generalist In reply to Programming Certification ...

Programming certifications might help improve the quality of the programmers working on the projects but programming is just a small part of application design.

You would have to consider such things as resource constraints when creating applications. Unless you are with a big organization that can afford the time and effort to do everything right, you end up making compromises to get the application package out the door where it brings in cash to pay the bills. The compromises are necessary because you don't have enough resources to do everything right but you do have enough to do things well enough to work.

Of course, even if you are with an organization that can do things right, you run into the problem of not being able to test ALL the possibilities under ALL of the conditions an application faces in the 'wild', especially in a PC environment. Even with automated testing software, it is highly unlikely that you'll be able to duplicate all the conditions that could crash the application.

At best you might be able to get things to the point that there is a one in a million chance that someone will encounter a bug in a given time period. But if that software is used by several million people, then several people will encounter that bug.

Then you have the factor of having to deal with how your application works when other applications are around. If they were meant to work together, then two or more groups have to coordinate things so that you don't end up interferring with how the other applications function. That coordination effort can be hard to manage and may not be handled as well as it could, especially when trade secrets are involved.

And if the applications are completely independent of each other, you DON'T have any coordination to prevent interferrence. At best you might have all the different groups doing 'safe' programming where everyone does all they can to keep their applications from stomping on the toes of other applications.

To add to the above, you need to have a complete and solid definition of the application even before the first line of code is written. There are times when software 'bugs' can be traced to the end users who didn't quite know what they wanted until the application was delivered. These end users have to experience the application in a production environment before deciding that the application has a 'bug' in it that needs to be fixed. It doesn't matter that the application functions as designed, it still has a 'bug' that needs fixing.

It is an interesting world when it comes to application design and buggy software. But things are getting better on the average. What qualifies as a 'bug' today would have been impossible to create thirty years ago because the technology didn't exist.

Collapse -

RE: other variables

by Jeromey In reply to Other variables

My only concern is that companies and individuals are releasing software with security issues that should have been accessed in the development phase.

If programmers were required to have a cert in their area of expertise, (Perl, C++, etc), they would know about programming practices before the app is released to the public.

In fact, I recently read a vulnerability that exists in the web interface for a camera. Adding an additional slash (/) in the url gives full access to its features. It is this type of vulnerability (and others) that should be addressed.

If a programmer is educated on various types of security issues, there would be less vulnerabilities for hackers to exploit.

I understand that there may not be resources, but general practices should be in place.

Collapse -

Certification coverage

by generalist In reply to RE: other variables

A big question is whether the certification would cover the necessary areas. You would have to verify that they provide a deep enough knowledge of programming practices and security practices to be of use.

And even if a person is certified in one or more languages, they need to practice what they know for it to be effective. Unfortunately, deadlines and human nature can lead to shortcuts that violate approved programming practices but allow the product to get out the door.

Then you have the fact that fixing one thing may break something else. It wasn't that long ago that Microsoft had to withdraw a security fix because it had an impact on a number of antivirus programs. While I suspect that MS programmers follow good programming practices, I also suspect that said practices are not adequate.

And even if a person is certified in a language, things are complex enough that what they knew when they were certified is obsolete even before the certification takes place.

Note that all of this assumes that the certified programmers are ethical and wouldn't consider setting up back doors that would allow them to fix or break a system.

Related Discussions

Related Forums