Zeppelin is a MIT licensed open source secure smart contract development framework to build blockchain applications. It's a community effort pioneered to ensure only secure, tested and audited smart contract code makes it to a production blockchain, to reduce incidents such as "The DAO" hack. Zeppelin is intended to be blockchain-agnostic, but in the beginning they are focusing on Solidity tools.
Continuous deployment results in a higher sense of responsibility and better quality of deployments, argues Paul de Raaij, technical pathfinder at Coolblue. Coding standards prevent your code base from becoming a mess, automated inspections are great for tedious and boring checks, and manual checks are great for checking if the logic or use of code actually makes sense.
Fred George talked about the Challenges in Implementing MicroServices and The Secret Assumption of Agile at the GOTO Amsterdam 2015 conference. InfoQ interviewed him about how make microservices as small as possible, challenges when implementing microservices and how to deal with them, why programming style matters, and what developers can do to develop their code writing skills.
The 2014 CAST Research on Application Software Health (CRASH) report states that enterprise software built using a mixture of agile and waterfall methods will result in more robust and secure applications than those built using either agile or waterfall methods alone. InfoQ interviewed Bill Curtis about structural quality factors, and mixing agile and waterfall methods.
CERT Secure Coding team have recently released a freely available tool capable of analysing the leakage of sensitive information from an Android app. CERT researchers claim their tool "is the most precise taint-flow static analysis tool for Android apps."
Ecma International has standardized the first edition of Dart, ECMA-408.
OpenSSL's Heartbleed vulnerability has brought the project under the intense scrutiny of the OpenBSD development team. The team began a massive cleanse and repair of the OpenSSL codebase last week with impressive results.
CERT Secure Coding team, part of the Software Engineering Institute at Carnegie Mellon University, have recently released secure coding guidelines specific to Java's application in the Android platform. InfoQ interviews Lori Flynn, one of the researchers who authored them.
The recent security weakness found in both iOS and OS X hints at flaws in coding style guidelines, unit testing, system testing, code review policies, error management strategies, and tools deployment. An overview.
Google has recently released their complete definition of coding standards for Java source code. These are hard-and-fast rules that are clearly enforceable, and are followed universally within Google. It covers not only formatting, but other types of conventions and coding standards.
One blog of note that is furthering the efforts of today’s mobile application developers can be found at the OpenSignal web site. Their recent Android Fragmentation Visualized report offers some unique perspectives on the challenges of writing Android apps.
DRY reduces duplication and the maintenance problems coming with it, but misusing it leads to high coupling and reduced readability. The lesson: a software development principle should be applied considering other corresponding principles, patterns and practices.
Tony Wong, a project management blackbelt, enumerates some practical points on individual procutivity. This article wonders how well these apply to software development and contrasts his list with that of other lists.
Simon Brown, a developer, architect and author, considers that it takes a lot more than just good code to create a successful project. In his presentation, "Good Code Isn’t Enough", Brown goes through all the elements necessary for a project’s success, from upfront design to operation documentation.
Any developer has written at least one line of comment throughout his code. Some have written many comments in an attempt their code to be more explanatory. This article gathers some of the practices used in writing code comments.