The adventurous hero is a common thread in mythology that helps us understand what makes someone great. From Homer’s Odysseus, to George Lucas’s Luke Skywalker, all mythical heroes have traits in common and follow a similar path.
Heroes don’t start out that way – they need to prove their mettle by undertaking a long journey and passing a series of tests. The hero must look within himself or herself, often going to a dark place of fear and doubt. Finding the strength within, the hero is reborn and finally returns home bearing the fruits of victory – wisdom, strength and freedom.
As a developer, you’re asked to commit time and effort to solve problems that, sometimes, are caused by poor planning or inadequate processes. Managers may set unrealistic requirements and impossible release schedules, leaving little to no time for quality. If the business doesn’t care about code quality at the moment, it surely will when there’s a bug in the workflow, performance is slow, or an XSS flaw allows a hacker to gain access to important customer data.
Developers figure there has to be a better way. And there is a better way – this is the start of the hero’s journey. Below are four ways a developer’s journey to coding mastery is like a hero on a quest for greatness.
A hero has to leave the dark and dreary world as he knew it and venture forth into the unknown, like Luke leaving his home on Tatooine. As a developer, you’re not satisfied with the status quo, and you want to try out new things. Maybe you want to learn new languages or frameworks, so you can stand out from your peers. To become competent, you start investigating in your free time.
On the job, however, you don’t have the luxury of testing and learning before you check in your code. You face the “scan and scold” dynamic from security teams who see software risk or compliance failures before you’ve had a chance to make changes. Wouldn’t it be great if you could test out your code without security looking over your shoulder?
A hero needs to pass a series of tests, like the famous labors of Hercules. The Star Wars hero Luke also had to fight many battles, including some he lost. He faced darkness in the form of Darth Vader (his “Dark Father”) and he lost a hand in the process.
In his second labor, Hercules had to fight the multi-headed Hydra, but whenever he cut off one of her heads, two more would grow in its place. After doing this a number of times, Hercules realized its futility and tried a new approach to win the battle. When he cut off one of the Hydra’s heads, he cauterized the wound to stop it from regenerating.
As a developer, you know that the best way to become a stronger and more secure coder is trial and error. Scanning code early and often and then remediating the errors you find as you write is like Hercules cauterizing the wounds when he cut off the Hydra’s heads. Short-term failure can lead to long-term success.
A hero needs the right tool. Where would Luke be without his lightsaber? Hercules, meanwhile, finally defeated the Hydra only after he used a golden sword from the goddess Athena. He cut off the Hydra’s one immortal head and buried it under a rock.
How are you supposed to write good code if you’re not given the right tools and a place to learn from your mistakes? You can feel more confident testing out your code in a developer sandbox that acts like a magic cloak, allowing you to scan as often as you want in private.
The sandbox is a safe way for developers to “fail quickly” – and to assess new code against the required security policy without affecting compliance reporting for the version of the application currently in production. Scanning early and often allows you to identify and remediate blockers early in the cycle, when they are easier and less expensive to fix.
When the hero returns from his difficult journey, the story usually ends with a big victory party. In the real world, it doesn’t quite happen that way. As a developer, you can’t rest on your laurels.
When you go through difficult times of failing and recovering, you start to see your own habits and gain insight on how to develop better habits. The “aha” moment comes when you say, “Oh, I shouldn’t have coded it this way, because as soon as I upload it I’m going to see the same vulnerability results.”
When you’re getting more timely feedback on the code you write or change, you’re more likely to reuse secure coding patterns and avoid insecure ones. You become stronger than before. You gain new knowledge and skills. And with the right tools, you can take on the next challenge more easily than the last one. If that doesn’t make you feel quite heroic, you’ll at least feel pretty good about yourself.
If you want to achieve mastery and excel at your profession, you first have to overcome the status quo. You can start your hero’s journey by downloading our super-helpful guide explaining five principles that development teams can follow to become higher-performing and write more secure code.
Find out how CA Veracode Developer Sandbox helps developers write secure code early in the software development lifecycle.
Luke Skywalker image courtesy of Wookieepedia.