Archive for the ‘Outsourcing’ Category

Beth Bachelor’s article “Outsourcing App Dev Requires Strong Partnership with Providers” covers the third wave of outsourcing – Outcome-oriented Engineering. Beth contends that if you are not on the same side of the business proposition (outcome oriented), then outsourcing often fails.

Please check it out and let me know what you think.



This week, the top 30 US and international cyber security organizations (e.g., Red Hat, EMC, Apple, MSFT, NSA, etc.) jointly released the consensus list of the 25 most dangerous programming errors that lead to security bugs and that enable cyber espionage and cyber crime. What this joint team found was that most of these errors were NOT well understood by programmers, across all types of organizations (big/small, insource/outsource, etc.). Equally important is that these errors are all appropriate for both SOA and SaaS developmental activities.

I think it is important for us to share these findings with your development teams, assess our current developmental activities, and educate your teams on the principles found in this study. Also, we each have an opportunity to show some thought leadership and participate in a technical area that is not currently owned by too many organizations. Below I have the link to SANS (information security authority), which not only contains the top 25 programming errors, but also an excellent set of resources (from Mitre) to help identify and address these issues.

Findings Ref: http://www.sans.org/top25errors/


Outsourcing Blamed for Rising Security Woes

John E. Dunn, Techworld, April 08, 2008, stated that “trend to outsource the coding of applications is now a major contributor to making business software more vulnerable.” I confronted his position with this reply:

It is unfortunate that outsourcing is becoming the proverbial scapegoat of our globalized time. It is easy to find faults in any complex business process, especially if you don’t like it to begin with or don’t understand how it works in detail. In this case, this article appears to be the latter. It’s even easier to pile on a politically charged topic to further your advantage. It’s also a shame. But the truth is, from a marketing perspective, fear works.

But let’s get back to the issue of outsourcing and security. There is a big difference between Causation and Correlation. The mere fact that I wore my black shoes on days that it rained does not mean my black shoes caused the rain; it is just pure correlation. Quocirca’s leading argument that 90% of organizations admitted being hacked had outsourced more than 40% of the development might be a correlation, but it is certainly not causation. As a matter of fact, just the opposite implication is true.

Today, more investments are made in security processes and technologies by outsourcers as compared to those who purchase outsourced services. If an outsourcing firm doesn’t have the highest levels of security, they’re out of business. One major snafu and the entire client base may up and leave. So the investments that are made in creating both a transparent environment and infrastructure are the first order of business. If you’re considering purchasing outsourced services, do so, but be careful about whom you choose. There are many who offer outsourced development, but only a few that deserve your business.

If you’re still concerned, follow Reagan’s “Trust but verify” mantra during outsourcing governance meetings and due diligence activities. Causation is much different than correlation.

— Check out the original article here
