Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

“If it’s a core business function — do it yourself, no matter what.”

­— Joel Spolsky, talking about Not-Invented-Here programming

https://www.joelonsoftware.com/2001/10/14/in-defense-of-not-...



How does this apply to the types of programming like encryption where it is oft advised to not roll-your-own?


If encryption is a core business function, you need as a prerequisite to having a business at all a couple of folks who know encryption well enough to roll their own.


If there's reason to believe your team is better at cryptography implementation than the people behind the libraries you'd otherwise use, maybe. (This probably applies to the US national security establishment, not some random internet product).


> How does this apply to the types of programming like encryption where it is oft advised to not roll-your-own?

It basically doesn't apply to widely-used open source software.

Or to put it another way, you can always maintain an internal fork that currently has zero changes from upstream.


Encrypt multiple times with multiple encryption methods?

Including an in-house built cipher (task assigned to intern).


Is security considered a “core business function”? I wouldn’t believe so.


Joel also writes “If you have customers, never outsource customer service.”. I think “security” is in the same category.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: