This is part 1 of a 2 part series regarding my thoughts on the current state of web development. This article discusses the problems the web software industry faces today. The second part will discuss some potential solutions to some of the problems discussed.

There’s little doubt as to the importance of web-based software in today’s world. The web powers a wide variety of software and is becoming more critically important in day-to-day society. We consume our news, handle our finances, connect with friends and family, watch TV and live a large portion of our lives through web-based software. Web-based software has provided humanity with a great number of benefits; going forward the benefits will only increase as technology advances and new ideas are created.

However, I feel that the road ahead for the web-software industry is a volatile, dangerous path. No longer are network connected devices a niche in society. More and more devices are connecting to the Internet where they interact with software that is growing more and more complex. Soon a house full of network-connected devices will be the norm. While there will undoubtedly be numerous benefits from this “Internet of things” there is also a huge security risk as every new device is a new attack vector; the more critical the device the more serious the attack risk. It’s a huge future problem and it exists because…

Web software is utter crap

Every app you use that connects to the Internet – and these days that’s virtually all of them – must execute code on a server. There’s a really good possibility that much of that code is crap. Utter and complete crap that’s full of security vulnerabilities. Vulnerabilities that, when exploited, have the potential to wreak havoc on individual lives and entire economies. While there may be large, powerful organizations with the resources to provide web software without these vulnerabilities they are the exception to the rule.

There’s a multitude of historical reasons for how the web software industry has reached this level of crappiness. This article isn’t about how we got here, though; it is more about how we, as a society, continue to perpetuate this problem, and about potential solutions. I feel that the most critical problem is…

Lack of appropriate education

The barrier to web software development is relatively low compared to other software industries. This means that developers are often creating web sites and functionality that will be used by the public without fully understanding the complexity and risk in software development. Unfortunately, and especially with PHP, a vast amount of the tutorials and documentation is outdated or teaches bad practices. This lack of appropriate education for the developer is easily one of the biggest hurdles in fixing the crappiness of web software.

Unfortunately the challenge in providing appropriate education is a huge issue facing the web software industry. Much of the inferior documentation has achieved a level of inertia that will be difficult to stop. In addition, the onus for determining the validity of documentation falls on the reader. This is highly susceptible to the problem of “you don’t know what you don’t know.” Simply put, the people reading the documentation often can’t tell whether or not the article is accurate or worth learning.

In other industries higher learning organizations are capable of educating people to be productive in their chosen craft. However, software development is, sadly, severely lacking in that department as well. Many of the academic programming courses are, well, exactly that. Academic. Much of the material taught in schools is very useful and can oftentimes help with a deeper understanding of computer science. That being said, this emphasis on the theoretical oftentimes leaves a graduate with very few real-life programming skills. A slew of things in practical programming education should be given more emphasis earlier and more often.

Developer education isn’t the only big hurdle and may not be as critical as…

Customer awareness

While developer education is important to fixing the problems with web software today it is all for naught if customer awareness does not increase. A large part of the reason that we have gotten to this point is that the customer spending the money often isn’t aware of, or just doesn’t care about, the potential risks. Ultimately until customers reach a level of awareness and concern for these problems they will continue to exist. Only when customers demand that their software be defensible and well written will businesses care enough to invest the time and resources into developing software correctly.

This is a huge problem because the only solution is for the customer to have more knowledge of what is, admittedly, a very technical subject: software development. It is completely unreasonable to expect the majority of society to understand enough about software for this to be solved on their end. Unfortunately basic economics states that a better educated customer makes better decisions. As long as there are people willing to spend money on and use web software that is not well defended we will have a problem with vulnerable web software.

Let us not forget…

The industry is still in its infancy

The software industry as a whole is still relatively young, but this is particularly true of web software. I think the problem with the industry being young is best summed up with an analogy. An analogy about building houses.

Let’s go back thousands of years when primitive people were abandoning their nomadic ways and settling down into civilizations. One of the most important steps in this transition from nomad to civilization was building more permanent housing. Although these initial houses were very primitive they were a drastic improvement over the previous system of just bedding down wherever you happened to end up that day.

However, these houses were also extremely haphazard and by today’s standards wouldn’t even be called shacks. As problems with these buildings became more apparent and society became smarter we realized more had to be done. We couldn’t just let anybody throw up a shack and live in it. There needed to be criteria that builders had to follow and a way to ensure the buildings were safe for human occupation. Now you can’t simply construct a building anywhere you want – at least not in the United States. You need permits and inspections and design plans and to prove that you can build a safe house.

The web software industry, in a sense, is still building shacks. We haven’t been around long enough to fully understand how to efficiently create “buildings” that don’t fall over in a strong breeze. We also don’t have a long history teaching us how, and why, we should be doing things a certain way. We certainly don’t have stringent criteria on who is allowed to create a web site and how that website should be created.

The big stuff

These are, in my opinion, the biggest problems facing the web software industry in improving the quality and defensibility of software. This doesn’t represent a complete list of all of the arguments and facets of the existing problems. A lot of questions are left open with no clear, easy solutions. There are things we can do to make it better.

That part is coming.