Do you have a well-motivated and competent staff? Are they coming up with new and innovative ideas regularly? Are your quality and productivity high?
Then clearly, you do not have enough rules, procedures, and lawyers.
Step 1 Conformance
Enforce conformance. Doesn't matter if it's a government standard, or even your own government's standard, make conformance to ALL of them mandatory even if it makes no sense.
Can't find a protocol or procedure of your own? Make one up.
To help the process, make believe a standard does things it doesn't. Claim FIPS 140 will protect you.
Ensure that your staff spends every waking hour at work investigating, changing, and working on conformance. This mind-numbing, pointless work will ensure you are well on your way to killing your deadline and demotivating your staff.
Hire more lawyers to keep that hamster running in that wheel.
Stay tuned for the next instalment...
Tuesday, 26 February 2013
Friday, 22 February 2013
Software Development Arrogance
During my past 25 years in software development I have met many interesting personalities. From the intelligent stars to the dysfunctional fascist. But one type of personality seems to be more common than most. I am going to talk about that today.
But first, why today? Why after all this time do I now feel compelled to scribble about this one personality?
The reason is because this industry is in crisis and that personality is a key player in the drama.
That personality is the so-called "know-it-all".
Crisis? What Crisis? Are not software and high tech companies making money? Perhaps, but that only hides the real problem. The crisis I am referring to is the security horror the mainstream media has now latched onto. Yes. I know. Security has always been a problem and the media has now only found out it exists.
The causes of the issue are complex and have many actors. From the half-baked products rushed to market to "realize-revenue", the hapless neophyte who does not consider the malicious use case, to finally, my favourite as you can imagine, the know-it-all.
And I see it all the time. No, they will not consult with experienced staff on the subject, they will roll their own. No, they will not present their design to experienced security staff, they know better. And no, they will not ask questions, since they have no questions to ask, because they know it all. And no, they will not consider customer opinions and just deem this is what their security policy should be even though they have no security experience whatsoever (I mean, how hard could it be). They would perform their own brain surgery if they weren't unconscious at the time.
They are the bulldozers who attempt to talk over and interrupt others with their amazingness. The male of the species will announce to their colleagues that they are "breast-feeding experts" (true story, you can't make this shit up) after they read a book because their wife (poor soul) is expecting to pop out their spawn.
This creature will look at existing code, and even though there is no reason to, change that code (and introduce risk) because it was not the way they would write it, and therefore it must be wrong.
To be perfectly honest I am not surprised we are seeing the hacking headlines. It's a long time overdue. And it will be with us for a long time until software development teams can deal with, educate, and manage this personality. And they need to do so soon, because it's killing us.
http://www.dilbert.com/2013-02-24/