Risk, Hazard, Danger, and Coding Smarter

By Daniel Fone

Elevator Pitch

How secure is secure enough? When is another test worth it?

Software is the anticipation of endless ‘dangers’. Using models from environmental toxicology, we’ll explore the idea of ‘danger’ and how it helps us think about writing tests, handling errors, and securing applications.

Description

Though it isn’t always a conscious process, good software development is the anticipation of a thousand dangers: regressions, missed edge-cases, uncaught exceptions, unauthorised activity, downtime; the list is endless.

The first half of this talk will explore the concept of ‘danger’ and how we can reason about it better. We’ll build a simple model for qualifying danger, examine some common pitfalls, and run through some fun examples to see how our model works in day-to-day life.

The second half of the talk will take the model we’ve built and see how it can inform the decisions we make when writing software. We’ll try to distill a small part of the ‘intuition’ of the experienced developer into a tool that can be wielded by people of any experience level. In particular, we’ll look at examples from testing, error handling, and application security.

Notes

I first encountered this model in my undergraduate Chemistry degree, and have found it immensely useful in making decisions on every level in my career as a freelance Rails developer.

My aim is to give developers of any experience level a helpful mental tool for making better decisions when building software.