When people see source code, they usually have no idea what they are looking at. Even though they might consider themselves web or tech savvy, when they see all the weird symbols in front of them they may start to feel a little lost. That is understandable, because it took the average programmer years to be able to understand most of the source code that they see as well. There are different levels and abilities among people who write software, and not everyone is what you would consider top notch.
If a programmer is considered a good coder then he probably takes a lot of time to make sure that his source code is correct. Programmers take a lot of pride in their work, and if anything is wrong they want to make sure that they fix it in a hurry. This is especially true when they are going to have other professionals look at their work. Even though most outsiders will not be able to understand it, they know that other professionals will. So just like anyone else, their pride is on the line and they want to look good. If they do not want to show that they are the top dog, then at the very least they want to show that they belong in the club.
But when you are a programmer and you are thinking about the errors in your code, you are mostly thinking about bugs that will stop your program from working. If your program continues to work then you tend to think that nothing is wrong with it. That is not always the case. There are some bugs that cannot be tested for until the program is out in the field. These bugs that you will usually find later on are the security issues that people seem to run into. And while security issues are not always on the mind of a programmer, they probably should be. Security bugs might not stop your program from working, but they will cause you to lose a customer when their entire system gets taken down because of you.
Audit your source code
This is why it is a good idea to make sure that you audit your source code every now and then. And the larger the amount of source code there is to audit, the more you should have it checked. Large code bases are sometimes considered the most dangerous. This is because bugs get lost in there for years and years until there is a nasty surprise that is discovered by a hacker.
To get a good idea of how much source code is in some of the larger projects that are out there, go take a look at some open source code. If you take a project like the Linux operating system you will see that there are millions of lines of code that must be accounted for. Because the Linux project is an open source project, you have thousands of people testing it. When you have a closed source project like Windows, which is probably as big as or maybe even bigger than the Linux project when it comes to source code, it is hard to get good testing on it until it hits the field. Because Windows is more popular than Linux, once it hits the stores you will see the testing start and patches follow suit right after.
The project that you are working on is probably a lot smaller than the two that we have mentioned. But that does not mean you do not have to test your code. As a matter of fact, it probably gives you less of an excuse not to test your code. There is no reason why you should not be able to test your code when it comes to a small code base. Any security holes should be easier to find, and you should not have to wait until your customers find them.
But you should not mistake customers finding holes in software for developers being lazy. No matter how much you try, you are not going to be able to catch every single hole. There are some that are going to be released to the public. But as long as you are making an attempt to catch them before they head out, you should be OK for the most part.
The bottom line is that no matter how hard developers try, there are always going to be security holes found in software. But as a developer you can limit the number of holes found by auditing your software. This way you keep the damage to a minimum.