Recap: Software Risk & Innovation Summit 2017

Harvard Business Review has reported that digital leaders succeed in large part due to their ability to recognize and scale innovation across their business – seeing beyond transformation hurdles and IT complexity. They never lose sight of the end goal.
So, what does it take to be a digital leader? As a sponsor of the Software Risk & Innovation Summit last week in New York City, I was able to hear from some of the leading experts on the matter, including CISQ, JetBlue, COACH, Fannie Mae, BCG and others.

The Eerie Similarities Between Climate Change and Agile Development

Despite mounting evidence that the use of fossil fuels will damage our environment, humanity appears hard pressed to find an alternative. And even though environmentally friendly options have presented themselves, we have one foot firmly planted in the past. Working in the IT industry, it’s astounding how closely this resembles our current state of agile software development and testing.

Even though the industry identifies that a problem exists, and have the tools available to fix it, its dead set on sticking to “the way it was.”
Our colleague Vijay Anand recently penned an article exploring this topic and outlining what software development teams can do to maintain their current level of production, without sacrificing software quality. Read the full story HERE!

A UK Regulator Confirms Software Risk Very Real In UK Financial Sector

Pay attention US financial sector, because the UK is one step ahead of you … sort of. They’re at least willing to admit they have a problem with software risk and IT system resiliency, which is on the path to recovery.
A recent report published by Tech Market View confirmed a 2012 warning by a director of the Prudential Regulatory Authority that the IT systems of UK banks were “antiquated.” and that he could not say with confidence that they are robust. The statements were delivered to a committee in Northern Ireland as they discussed the major IT failure at RBS/Ulster Bank in 2012 which affected the bank’s customers all over the world.

Introducing Security into Mainstream Development – Part 1

We held a webcast last week with Mark Wireman of OpenSky, who is an expert in application security and has worked in this space for 15 years. We appreciate Mark taking the time to share his experience securing applications in the enterprise and responding to the onslaught of mobile-based entry points in the application development process.
During the course of the hour, we received a number of interesting questions and comments and thought they would make great topics for a few blog posts. Stay tuned for a follow-up post from Mark, which will include answers to several questions on Appsec in agile development.
Defensive vs. Offensive
There was a question during the webinar about defensive and offensive strategy as they relate to security. Mark will elaborate on them in his post, but we wanted to say a few words about them as well.
At CAST, we see many companies taking a code quality approach to application security. That is, they look at software analysis at the code level and use that to flag potential security issues — typically after the SDLC dumps the code into production. While that might seem like a reasonable approach, we believe it’s not enough.
Virtually all thought leaders in application security believe the most advanced security measures are realized in architectural analysis of applications. Truly good security should include elements of an architecture that protects application data, and a process that guarantees security aspects of the architecture are not bypassed. We’ve only seen that deployed by a few CAST customers, and nowhere else. But we believe we’ll all get there, eventually.
Many Layers
Towards the end of our session, we received this comment:

It’s also only a start to mobile security…there are many other layers that need to be considered but yes it was a well spent hour

We wholeheartedly agree. Mobile apps only raise the stakes and the importance of securing sensitive data. As we heard from Mark during the webinar, and we hear from the assurance community, most attacks are trying to find their way to the data. We believe that it’s much more than the mobile app that needs to be secured — it’s a system-wide problem that involves the whole application. It’s an issue of overall architecture and how the entire system needs to be designed with security in mind. The mobile app is just one piece, but an important entry point into the legacy application and hence, part of the overall system architecture.
Stay tuned for more details and answers from Mark in part two of this post.

Agile Deals Thoughtworks a 21

Eli attended the fun ThoughtWorks “Big Casino” night during the Agile 2010 conference in Orlando this week. ThoughtWorks, cleverly put together this event to generate money for charity and of course build brand awareness.
At the event, Martin Fowler, Chief Scientist at ThoughtWorks, delivered a powerful speech on corporate social responsibility and the changes at ThoughtWorks to reflect this commitment. The event was well attended and enjoyed by conference attendees as significant money ultimately donated to three different charities.