Author Archives: Jim Bird

Jim Bird
Jim is an experienced CTO, software development manager and project manager, who has worked on high-performance, high-reliability mission-critical systems for many years, as well as building software development tools. His current interests include scaling Lean and Agile software development methodologies, software security and software assurance.

Why you Should Attack Your Systems – Before “They” Do

You can’t hack and patch your way to a secure system. You will never be able to find all of the security vulnerabilities and weaknesses in your code and network through scanning, or by paying outsiders to try to hack their way in. The only way to be secure is to design and build security in from the beginning: threat ...

Dev-Sec.io Automated Hardening Framework

Automated configuration management tools like Ansible, Chef and Puppet are changing the way that organizations provision and manage their IT infrastructure. These tools allow engineers to programmatically define how systems are set up, and automatically install and configure software packages. System provisioning and configuration becomes testable, auditable, efficient, scalable and consistent, from tens to hundreds or thousands of hosts. These ...

DevOpsDays: Empathy, Scaling, Docker, Dependencies and Secrets

Last week I attended DevOpsDays 2016 in Vancouver. I was impressed to see how strong the DevOps community has grown from the time that I attended my first DevOpsDays event in Mountain View in 2012. There were more than 350 attendees, all of them doing interesting and important work. Here are the main themes that I followed at this conference: ...

Don’t Blame Bad Software on Developers – Blame it on their Managers

There’s a lot of bad software out there. Unreliable, insecure, unsafe and unusable. It’s become so bad that some people are demanding regulation of software development and licensing software developers as “software engineers” so that they can be held to professional standards, and potentially sued for negligence or malpractice. Licensing would ensure that everyone who develops software has at least ...

Top 10 Lists for Designing and Writing Secure and Safe Software

If you care about writing secure code, you should know all about these Top 10 lists: OWASP Top 10: The OWASP Top 10 is a community-built list of the 10 most common and most dangerous security problems in online (especially web) applications. Injection flaws, broken authentication and session management, XSS and other nasty security bugs. These are problems that you need ...

Does DevOps Reduce Technical Debt – or Make it Worse?

DevOps can help reduce technical debt in some fundamental ways. Continuous Delivery/Deployment: First, building a Continuous Delivery/Deployment pipeline, automating the work of migration and deployment, will force you to clean up inconsistencies and holes in configuration and code deployment, and inconsistencies between development, test and production environments. And automated Continuous Delivery and Infrastructure as Code gets rid of dangerous one-of-a-kind ...

Software Architecture in DevOps

A new book by Len Bass, Ingo Weber and Liming Zhu, “DevOps: A Software Architect’s Perspective”, part of the SEI Series in Software Engineering, looks at how DevOps affects architectural decisions, and a software architect’s role in DevOps. The authors focus on the goals of DevOps: to get working software into production as quickly as possible while minimizing risk, balancing ...

DevOps is Killing Maintenance. Let’s Celebrate.

DevOps probably isn’t killing developers. But it is changing how people think about development – from running projects to a focus on building and running services. And more importantly, DevOps is killing maintenance, or sustaining engineering, or whatever managers want to call it. And that’s something that we should all celebrate. High-bandwidth collaboration and rapid response to change in Agile ...

Can DevOps(Sec) make Software more Secure?

There was a lot of talk at RSA this year about DevOps and security: DevOpsSec or DevSecOps or Rugged DevOps or whatever people want to call it. This included a full-day seminar on DevOps before the conference opened and several talks and workshops throughout the conference which tried to make the case that DevOps isn’t just about delivering software faster, ...

Backdoors, Sabotage or Just Plain Stupidity

Someone on your development team, or a contractor or a consultant, or one of your sys admins, or a bad guy who stole one of these people’s credentials, might have put a backdoor, a logic bomb, a Trojan or other “malcode” into your application code. And you don’t know it. How much of a real problem is this? And how ...
