Comments for CAST Software: On Quality Blog

Comment on Taking Fire over Technical Debt by Lev

Lev — Sat, 28 Jan 2012 00:23:12 +0000

Next time, I guess. I’m looking for something like that in the NYC area. That day will come, i’m sure…

Comment on Taking Fire over Technical Debt by D. Lambert

D. Lambert — Fri, 27 Jan 2012 21:32:53 +0000

Shoot — I completely missed that!

Comment on Who Secures Security? by Lev

Lev — Fri, 27 Jan 2012 00:42:20 +0000

Great post, Jon. You bring to light a very valid issue of repurposing software that’s already been written, and perhaps not up to spec. When I used to write code, I almost never started from scratch. I’m sure most developers today don’t spend much time staring at a blank canvas either.

Comment on Taking Fire over Technical Debt by Lev

Lev — Fri, 27 Jan 2012 00:37:00 +0000

David, good point. Awareness and appreciation of technical debt at management level is a big problem. I think we’re just starting to chip away at that.

Incidentally, did you happen to check out @ElizabethN talk about #techdebt at COLUG last night? I’m curious how that went.

Thanks,
Lev

Comment on Taking Fire over Technical Debt by D. Lambert

D. Lambert — Thu, 19 Jan 2012 16:37:03 +0000

Great article, Jonathan. I like the “divide and conquer” approach for dealing with the problem. I’m not sure about you, though, but for me, the biggest problem I face is driving awareness that technical debt exists in the first place; ie, it’s a real problem with real costs. Hopefully, this is a concept that will gain more awareness and understanding over time.

Comment on Clouding the Outsourcing Issue, part 2 by Jon

Jon — Thu, 12 Jan 2012 17:13:12 +0000

Asher, thank you for the comment; it definitely offers some “food for thought.” I think we’re in complete agreement that the term ‘cloud’ representing both data center consolidation and the service enablement of applications is confusing. Beyond referring to “public cloud” and “private cloud” the industry hasn’t yet matured enough in its distinction between all the various types of clouds and their purposes. To be honest, it’s almost like you have cloud for the infrastructure guys and cloud for the apps guys and then there’s a third cloud that has elements of both clouds, but because it’s used by consumers is really more of a “consumer cloud.” On the business side, though, to truly use the Service (SaaS), Platform (PaaS) and Infrastructure (IaaS) opportunities out there is where technical debt paydown through re-architecture, re-factoring and reuse can come into play. Of course, that’s almost another blog post onto itself (probably MORE than a blog’s worth). I’ll need to give that one some thought. Thanks again!

Comment on Will You Source Them Here or There by Jon

Jon — Tue, 10 Jan 2012 18:02:16 +0000

Jonathan, thanks for your comment. I’m glad you’re enjoying the blogs and hope you will continue to follow along.

Comment on Hacking Up a Hospital by Jon

Jon — Tue, 10 Jan 2012 18:01:04 +0000

Mikey, I'm glad you liked the post. My father was a former military intelligence officer, and he used to say one solitary committed antagonist could potentially do more damage than an entire regiment, just because nobody expects a threat from such a small force. While that's little solace, all any organization can do is fortify its internal "perimeter" by identifying and eliminating any potential points of vulnerability. After all, a virus still needs a point to attack, so if vulnerabilities are addressed and security detection systems are in place, there is less chance for data to be exposed...and such a system of structural analysis must be continually updated as to keep up with the latest technology of its enemies because, as I wrote back in July after the Citi breach, "Hackers are getting smarter."

Comment on Clouding the Outsourcing Issue, part 2 by Jon

Jon — Tue, 10 Jan 2012 17:54:15 +0000

Mikey, thanks again for your comments and thoughts. While security IN the cloud still remains “up in the air” (pun only partially intended), companies still need to address the security of databases and systems on their side of the WAN before they go into the cloud. More frequently than we care to believe, the security issue IN the cloud began at the source. Combine increased internal scrutiny additional analysis and measurement of the software behind cloud apps and companies should be able to realize better-to-reasonable security for cloud-based solutions.

Comment on CAST Defends the Defenders by Jon

Jon — Tue, 10 Jan 2012 17:48:15 +0000

Mikey, thanks for the comment. I wish you were missing something here, but as noted in previous blogs the government’s efforts to plan for cyber warfare have so far been met with conflicting and unfinished efforts. The Department of Homeland Security’s interest in the wake of the DoD contractor hack in March (which was not revealed until July) demonstrates one of the first consolidated efforts to address things and hopefully will find success where other efforts have either failed or stalled.