Posts

  • Security, Safety, and Programming

    Cookie Crab © 2023 James Leonardo. All Rights Reserved. Generated with DALL-E and Night Cafe

    I asked this question on LinkedIn: “What kind of medium severity bug would you rather have in your system?” The options that I gave were 1) a feature bug and 2) a security bug.

    While I only ran the poll for a week and didn’t heavily promote it to get more views on it, the handful of respondents were unanimous: they would rather have a feature bug. I am not at all surprised by that result. This article will explore that a little bit and dive into a common cause of security bugs.

  • BOMs away!

    Going Boom © 2023 James Leonardo. All Rights Reserved. Generated with DALL-E and Night Cafe

    As cyberattacks have increased over the last several years, governments have begun responding in a variety of ways. One way has been to start setting standards for cybersecurity practices that organizations should implement. The US government rolled out Executive Order 14028 which, among other things, includes a requirement for US federal contractors to provide a software bill of materials. What is a software bill of materials (SBOM), and why should you care even if you are not providing services to the federal government?

  • Have You Read Your Cyber Insurance Policy?

    Scary Monster © 2023 James Leonardo. All Rights Reserved. Generated with DALL-E

    Every organization should have a cyber insurance policy. It will help you recoup your losses and get back to business after a cyber attack. These policies are increasingly expensive and complex. In the last year or so, I’ve also talked to many technology decision makers who have never read their policy and were not part of the process of applying for insurance. I can’t blame them; a policy can be over 50 pages long. Yeah, this post is just going to be a PSA about your policy and some things you may be required to do.

  • Software Licenses, Open Source, & You

    Open Source © 2022 James Leonardo. All Rights Reserved. Neon Stream Font by Zavier Cabarga

    Software developers and leaders, including myself, are not usually lawyers. That doesn’t exempt us from knowing the basics of how the law protects intellectual property (IP) like source code, or how to properly protect our own IP and use the IP of others. In this article, I focus on Open Source software, how it is protected by copyrights and licenses, and a little bit on what to expect if you start creating your own Open Source software.

  • Published: Design Your Software Organization Using Conway's Law

    Impressionist Org Chart © 2022 James Leonardo

    I just finished reading Team Topologies by Matthew Skelton and Manuel Pais. While many of its recommendations are geared towards organizations with a large software development organization, I found a lot of great insight for anyone who is part of developing software with more than one or two other people. Team Topologies relentlessly applies Conway’s Law and the “Reverse Conway Maneuver” to building an organization. Conway’s Law simply states that the systems built by an organization will reflect the way that organization communicates. The “Reverse Conway Maneuver” is an application of Conway’s Law: if you want to build a system with a certain architecture, then you need to build the organization to fit that architecture. I discuss this more in Design Your Software Organization Using Conway’s Law.
