Dangerous developers

Developers often want to make use of shareware to obtain code they would otherwise need to spend a lot of time developing. The IT Ethics Handbook (by Stephen Northcutt, ISBN 1931836221) states:

Downloading shareware opens an entire box of ethical issues… the programmer and the Information Security Manager should set up a shareware standard in advance. If the Information Security Manager is too stringent, the programmer will have difficulty getting the job at hand done. This will consequently result in an uncooperative relationship between the programmer and the Information Security Manager.

True enough that it’s standard practice for developers to download tools and code from numerous shareware libraries. The question I have is the extent to which I need to be bothered about it.

I’m worried about a number of things. Thing number one relates to my recollection of the day a production web site ceased to function. The cause was traced to a shareware component that had been implemented without a thought being given to its 30 day trial period expiry. Oops. I’m also concerned about the somewhat flippant disregard for safety that developers often have as they go blithely surfing the web looking for useful components.

Conversely I don’t want to be accused of standing in the way of short lead times and pressure to deliver. The solution might be to give the developers access to all the resources they need so long as it all remains in a segregated network. Fair enough but then I’m now worried about what’s going onto the production servers once the components are incorporated into the code.

Of course, one could question why a professional development team using enterprise platforms needs to resort to using shareware and free tools anyway. Maybe someone could let me know?