I was listening to the latest OWASP podcast this morning and thinking about mismatches between my own beliefs about technology and the beliefs I experience in the workplace (past and current).
- I subscribe to the Jericho mindset -- there is no longer such a thing as a "protected internal network", every layer of a networked environment should be built to survive in the wilds of the Internet.
- I also subscribe to the ideas set out in the Rugged Software manifesto -- security should be built into software development because it has to be, and doing it well should be a point of pride for developers.
- Many technology people believe that constantly moving to bleeding-edge technology makes things better. In production environments that need to work, I prefer using the "scabby edge" -- technology that's a year or so old, with all updates since release. It's more reliable, better documented, and will generally work better. Moving to new technology all the time just means early adopter issues over and over.
- Agile is a great software development methodology, but it's not a great general project management methodology. Maybe I'll write a separate post about my experiences with this.
- Outsourcing all your internal collaboration tools and tracking systems to web providers is great for reducing operations load, but not good if your Internet access goes away.