Apple’s recent TLS/SSL fiasco has lead programmers from all walks of technical life to laugh out loud. My twitter timeline filled up with tweets to the effect of “How could those guys at Apple be so dumb to use goto and not use curly braces?”. The worst issue here was not sloppy coding, but something else.
Let’s face it, all of us (even the brightest) will make this kind of mistake occasionally.
So what has surprised me that relatively few people have raised their concerns about the lack of automated tests for this code. While I appreciate the fact that it may not have been possible to write a simple pure unit test for each branch in the code-fragment, it must have at least been possible to create tests on a higher level (e.g. integration or functional), at a reasonable expense of time.
The fact that so many programmers did not regard the lack of a testset as the most serious issue here goes to show that the ‘craftsmanship’ that is software engineering still has a long way to go.