Malware "best practices"

Jason Stephenson jason at sigio.com
Thu Jul 27 19:12:01 EDT 2006


Ben Scott wrote:
> 
>  The MySpace "worm" does highlight something important: Programmers
> keep making the same stupid mistakes, over and over and over and over
> and over again.

As a programmer, I can tell you why. Most programmers are not well 
versed in the art or the science (if there really is any) of programming.

Do you know why? Most programmers don't really get to see that much 
source code. It's true. In the commercial realm of closed source 
software most programmers only get to see the code of the project(s) to 
which they are assigned. They never get to see much code that's better 
or worse than what they are used to seeing.

The same is true in most university CS programs. Students are not 
exposed to all that much code. It's mostly theory and mathematics and 
then applying that theory and mathematics in code.

This is very far from what most architects or engineers do in their 
educations or their careers. They study others' designs and 
implementations. They appreciate one another's work as art. Closed 
source programmers cannot do this, while open source programmers have 
the opportunity. (However, I doubt very many of them do this.)

Additionally, software is in its infancy. I imagine that the first few 
thousand bridges that were built were pretty dodgy things. They were 
probably very likely to collapse under you. It took mankind a long time 
to figure all this out. (They still don't always do it right, as the Big 
Dig mess is proving.) Software is a bit more complicated on the inside 
than making a bridge, too.

Writing software is like writing fiction or nonfiction in the sense that 
the only way to really get better is to do it. You read a lot and you 
write a lot. It helps to eat your own dog food, too.


