Search code examples
idelibrariesbuild-system

Should developers be limited to certain software for development?

Should developers be limited to certain applications for development use?

For most, the answer would be as long as the development team agrees it shouldn't matter.

For a company that is audited for security certifications, is there a method that balances the risk of the company and the flexibility, performance of the developers?

Scope

  1. coding/development software
  2. build system software
  3. 3rd party software included with distribution (libraries, utilities)
  4. (Additional) Remaining software on workstation

Possible solutions

  1. Create white-list of approved software where developer must ask for approval for desired software before he/she can use it. Approval would be based on business purpose/security risk.

  2. Create black-list for software. Developers list all software used. Review board periodically goes over list.

Has anyone had to work at a company that restricted developer tools beyond the team setting? How did they handle the situation?

Edit

Cleaned up question. Attempted to make less argumentative.

Solution

  • No, developers should not be limited in the software they use, because it prevents them from successfully doing their jobs. Think about how much you are paying your team of developers, - do you really want all that money to go spiraling down the drain because you've artificially prevented them from solving problems?

    1) Company locks down the pc and treats the developer as competent as a secretary

    What happens when the developer needs to do something with administrative permissions? EG: Register a COM object, restart IIS, or install the product they're building? You've just shut them down.

    2) Create a white-list of approved software...

    This is also impractical due to the sheer amount of software. As a .NET developer I regularly (at least once per week) use upwards of 50 distinct applications, and am constantly evaluating newer upgrades/alternatives for many of these applications. If everything must go through a whitelist, your "approval" staff are going to be utterly swamped by just one or 2 developers, let alone a team of them.

    If you take either of these actions, you'll achieve the following:

    1. You'll burn giant piles of time and money as the developers sit on their thumbs waiting for your approval team, or doing things the long slow tedious way because they weren't allowed to install a helpful tool

    2. You'll make yourself the enemy of the development department (not good if you want your devs to actually do what you ask them to do)

    3. You'll depress team morale substantially. Nobody enjoys feeling like they're locked in a cage, and every time they think "This would be finished 5 hours ago if only I could install grep", they'll be unhappy.

    A more acceptable answer is to create a blacklist for "problem" software (and websites) such as Pidgin, MSN messenger, etc if you have problems with developers slacking off. Some developers will also rail against this, but many will be OK with it, provided you are sensible in what you blacklist and don't go overboard.