Author Archives: Jim Bird

Jim Bird
Jim is an experienced CTO, software development manager and project manager, who has worked on high-performance, high-reliability mission-critical systems for many years, as well as building software development tools. His current interests include scaling Lean and Agile software development methodologies, software security and software assurance.

Sooner or Later: Deliver Early or Minimize Waste

There’s an obvious but important tension in Lean/Agile development around when to make decisions. Between the fundamental Agile position that we should do the most important and most risky work first, and the Lean argument that we should make decisions at the last possible moment. We need to decide early and try things out, iterate to minimize risk and time ...

Agile Estimating: Story Points and Decay

I’m re-reading Mike Cohn’s Agile Estimating and Planning. It’s the best book I’ve found on this and worth reading, even if he gets too Scrummy at times, and even if you don’t agree with everything he says. Which I don’t. For example, I don’t agree with him that Story Points are better for estimation than Ideal Days. When we do ...

Where do Security Requirements come from?

One of the problems in building a secure application is that it’s not always clear what the security requirements are and where they are supposed to come from. Are security requirements supposed to come from the customer? Are they specified in the regulatory and compliance environment? Or are they implicit in the type of application that you are building – ...

Are Agile plans Better because they are Feature-Based?

In Agile Estimating and Planning, Mike Cohn quotes Jim Highsmith on why Agile projects are better: “One of the things I keep telling people is that agile planning is “better” planning because it utilizes features (stories, etc.) rather than tasks. It is easy to plan an entire project using standard tasks without really understanding the product being built. When planning ...

The pursuit of protection: How much testing is “enough”?

I’m definitely not a testing expert. I’m a manager who wants to know when the software that we are building is finished, safe and ready to ship. Large-scale enterprise systems – the kinds of systems that I work on – are essentially hard to test. They have lots of rules and exceptions and lots of interfaces and lots of customization ...

Software Development Metrics that Matter

As an industry we do a surprisingly poor job of measuring the work that we do and how well we do it. Outside of a relatively small number of organizations which bought into expensive heavyweight models like CMMI or TSP/PSP (which is all about measuring on a micro-level) or Six Sigma, most of us don’t measure enough, don’t measure the ...

Building security into a development team

Getting application developers to understand and take responsibility for software security is difficult. Bootstrapping an Appsec program requires that you get the team up to speed quickly on security risks and what problems they need to look for, how to find and fix and prevent these problems, what tools to use, and convince them that they need to take security ...

Application Security at Scale

This week’s SANS AppSec conference in Las Vegas took on Application Security at Scale: how can we scale application security programs and technologies to big organizations, to small organizations and across organizations to millions of programmers worldwide. You can find the presentation slides here. Lots of highlights for me: The conference was kicked off by Jeremiah Grossman from WhiteHat ...

You don’t need Testers – Or do you?

I talk to a lot of people in both big and small software development organizations about how they manage software development, how they’re organized, what practices they follow and what practices actually work. Most people working on small teams that I talk to can’t justify having someone to just test their apps, because testers don’t actually build software, so they’re ...

Can you get more out of Static Analysis?

When it comes to static analysis, Bill Pugh, software researcher and the father of Findbugs (the most popular static analysis tool for Java), is one of the few experts who is really worth listening to. He’s not out to hype the technology for commercial gain (Findbugs is a free, Open Source research project), and he provides a balanced perspective based ...
