Reliable Software in 3 Simple Steps

(or: How I Realized Intro Economics Applies to Software Engineering)

The Rules:

1. Hire a small number of really good programmers
2. Hire one Information Assurance (IA) superstar
3. Hire as many testers as you can without regard to past performance

The Rationale:

• Software development is largely a weakest-link game. If you hire one crappy programmer, he'll write crappy code that the stars have to fix. They'll be slower and more resentful. Therefore, only hire really good programmers.
• Security and reliability measures are a best-effort game. You don't need a whole slew of IA stars to see the big picture. I'm a believer in the idea of "more heads..." thinking, so I might hire two experts if I could afford it, but this position has rapidly diminishing returns
• Bug fixing is a sum-of-efforts game. The more eyeballs the better. This is particularly true because even really good developers make assumptions about users. Having average-Joe people doing testing will get the developers good feedback early in the life-cycle

Finally, the credits:

• Joel has brought up these themes before, usually more eloquently and thoroughly
• Anderson and Moore come to very similar conclusions in Information Security Economics — and Beyond