Author Archives: Jim Bird

Jim Bird
Jim is an experienced CTO, software development manager and project manager, who has worked on high-performance, high-reliability mission-critical systems for many years, as well as building software development tools. His current interests include scaling Lean and Agile software development methodologies, software security and software assurance.

DevOps is Killing Maintenance. Let’s Celebrate.

DevOps probably isn’t killing developers. But it is changing how people think about development – from running projects to a focus on building and running services. And more importantly, DevOps is killing maintenance, or sustaining engineering, or whatever managers want to call it. And that’s something that we should all celebrate. High-bandwidth collaboration and rapid response to change in Agile ...

Can DevOps(Sec) make Software more Secure?

There was a lot of talk at RSA this year about DevOps and security: DevOpsSec or DevSecOps or Rugged DevOps or whatever people want to call it. This included a full-day seminar on DevOps before the conference opened and several talks and workshops throughout the conference which tried to make the case that DevOps isn’t just about delivering software faster, ...

Backdoors, Sabotage or Just Plain Stupidity

Someone on your development team, or a contractor or a consultant, or one of your sys admins, or a bad guy who stole one of these people’s credentials, might have put a backdoor, a logic bomb, a Trojan or other “malcode” into your application code. And you don’t know it. How much of a real problem is this? And how ...

Towards Compliance as Code

Infrastructure as Code is fundamental to DevOps: automating the work of setting up and maintaining systems infrastructure, and making it defined, efficient, testable, auditable and standardized. For the many of us who work in regulated environments, we need more. We need Compliance as Code. Take regulatory constraints and policies and compliance procedures and the processes and constraints that they drive, and ...

Making Refactoring Work

A recent academic study raises some questions about how useful and how important refactoring really is. The researchers found that refactoring didn’t seem to make code measurably easier to understand or change, or even measurably cleaner (measured by cyclomatic complexity, depth of inheritance, class coupling or lines of code). But as other people have discussed, this study is deeply flawed. ...

Putting Security into Sprints

To build a secure app, you can’t wait until the end and hope to “test security in”. For teams who follow Agile methods like Scrum, this means you have to find a way to add security into Sprints. Here’s how to do it: Sprint Zero. A few basic security steps need to be included upfront in Sprint Zero: ...

DevOps is not a Race

Most of what we read about or hear about in DevOps emphasizes speed. Continuous Deployment. Fast feedback. Fail fast, fail often. How many times do we have to hear about how many times Amazon or Facebook or Netflix or Etsy deploy changes every day or every hour or every minute? Software Development at the ...

Don’t waste time tracking technical debt

For the last couple of years we’ve been tracking technical debt in our development backlog. Adding debt payments to the backlog, making the cost and risk of technical debt visible to the team and to the Product Owner, prioritizing payments with other work, is supposed to ensure that debt gets paid down. But I am not convinced that it is ...

Required Reading: Iron Clad Java

They didn’t teach appsec in Comp Sci or in engineering or MIS or however you learned how to program. And they probably still don’t. So how could you be expected to know about XSS filter evasion or clickjacking attacks, or how to really store passwords safely? Your company can’t afford to send you on expensive appsec training, and you’re too ...

If you got bugs, you’ll get pwned

The SEI recently published some fascinating research which shows a clear relationship between software quality and software security. The consensus of researchers is that at least half, and maybe as many as 70% of common software vulnerabilities are fundamental code quality problems that could be prevented by writing better software. Sloppy coding. Not checking input data. Bad – or no ...
