Home » Author Archives: Jim Bird (page 5)

Author Archives: Jim Bird

Jim Bird
Jim is an experienced CTO, software development manager and project manager, who has worked on high-performance, high-reliability mission-critical systems for many years, as well as building software development tools. His current interests include scaling Lean and Agile software development methodologies, software security and software assurance.

How much can Testers help in Appsec?

software-development-2-logo

It’s not clear how much of a role QA – which in most organizations means black box testers who do manual functional testing or write automated functional acceptance tests – can or should play in an Application Security program. Train QA, not Developers, on Security At RSA 2011, Caleb Sima asserted that training developers in Appsec is mostly a waste ...

Read More »

Stop Telling Stories

agile-logo

There are beautiful, simple ideas in today’s Agile development methods that work really well. And some that don’t. Like defining all of your requirements as User Stories. I don’t like the name. Stories are what you tell children before putting them to bed, not valuable information that you use to build complex systems. I don’t like the format that most ...

Read More »

Appsec’s Agile Problem

agile-logo

Agile development has a serious Appsec problem. Most Agile development teams suck at building secure software. But one of the reasons for this is that Appsec has a serious Agile problem. Most security experts don’t understand Agile development and haven’t come to terms with the way the way that Agile teams design and build software; with the way that Agile ...

Read More »

Applying the 80:20 Rule in Software Development

software-development-2-logo

Managers don’t want to think harder than they have to. They like simple rules of thumb, quick and straightforward ways of looking at problems and getting pointed in the right direction. The simpler, the better. One of the most useful rules of thumb is the 80:20 rule: 80% of effects come from 20% of causes and 80% of results come ...

Read More »

Adding Appsec to Agile: Security Stories, Evil User Stories and Abuse(r) Stories

agile-logo

Because Agile development teams work from a backlog of stories, one way to inject application security into software development is by writing up application security risks and activities as stories, making them explicit and adding them to the backlog so that application security work can be managed, estimated, prioritized and done like everything else that the team has to do. ...

Read More »

Making Devops work outside of Webops

devops-logo

I’ve spent the last 3 years or so learning more about devops. I went to Velocity and Devopsdays and a bunch of other conferences that included devops stuff (like the last couple of OWASP USA conferences and this year’s Agile conference). I’ve been following the devops forums and news and reading devops books and trying out devops tools and Continuous ...

Read More »

Programming: Thinking or Typing, Thinking and Typing

software-development-2-logo

“If you don’t think carefully, you might think that programming is just typing statements in a programming language.” Ward Cunningham, in the Forward to The Pragmatic Programmer Software development – design, solving problems, coming up with optimal new algorithms, learning a new language, refactoring messy code into something tight and elegant – requires hard thinking. When you’re trying to do ...

Read More »

Don’t You Know that Support is the Most Important Part of a Developer’s Job?

software-development-2-logo

Agile development – because you are building working software faster and delivering it incrementally – forces development teams to face a common, fundamental problem: how to balance the work of developing new software with the need to support a system that is already being used in production, whether it’s the legacy system that you’re replacing, or the system that you ...

Read More »

Don’t let Somebody Else’s Technical Debt take you Under

agile-logo

There’s a lot written about technical debt: what technical debt is and the different kinds of technical debt, how to avoid taking on debt unnecessarily when designing and coding and changing code, how much technical debt is costing your organization, and why and how and how much and when to pay these debts off. But all of this ignores massive ...

Read More »
Want to take your Java Skills to the next level?
Grab our programming books for FREE!
  • Save time by leveraging our field-tested solutions to common problems.
  • The books cover a wide range of topics, from JPA and JUnit, to JMeter and Android.
  • Each book comes as a standalone guide (with source code provided), so that you use it as reference.
Last Step ...

Where should we send the free eBooks?

Good Work!
To download the books, please verify your email address by following the instructions found on the email we just sent you.