January 30, 2021 at 12:25 am
Comments posted to this topic are about the item Information Security, ITs Abused Step Child
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
- Theodore Roosevelt
Author of:
SQL Server Execution Plans
SQL Server Query Performance Tuning
January 30, 2021 at 2:58 pm
I've found that what you're referring to as an MVP (Minimum Viable Product) is usually a travesty even when it comes to functionality, never mind security. This is why "DevOps" is so very important but it's NOT the "DevOps" that a lot of people have defined. My stance is, has been, and always will be that "DevOps" is a culture and not a set of tools to make code deployments faster. I've found the faster that you deploy code, the more mistakes there are that get "deployed to prod" and, as your article states, one of the mistakes is the severe lack of thoughtful and effective security.
The only thing is, you're wrong... security isn't the "abused step child" that you claim. Something cannot be abused if it's not present and that's an all too normal state for security... it's simply not present in this "if it works, ship it" world we live in today. I say "today" but that's been the major problem for decades now.
Perhaps we should change an old saying to "Make it work, make it fast, make it pretty, make it secure... and it ain't done 'til it's secure". It's a shame to have to change it to that because a super important part of "Make it work" has and always will be to make it secure.
To replay an old warning that I've given time and time again, "If you want it real bad... that's the way you'll get it". Slow down and do it right.
--Jeff Moden
Change is inevitable... Change for the better is not.
January 30, 2021 at 3:11 pm
You can't tell me I'm wrong. Don't you know who I am?
Wait. You know exactly who I am.
Ha!
No real arguments here, Jeff. DevOps is about culture first, not tools. Process supporting people. The tools are just to help out the other stuff. And yeah, total agreement. Security should be a fundamental part of the system.
January 30, 2021 at 4:01 pm
Heh... I should have put a smiley-face after the "you're wrong" part just to make sure others knew the kind of relationship you and I enjoy (although they may never understand the camaraderie between a couple of ol' ex-bubbleheads 😀).
I also meant to say "great article, Grant" because security is very frequently the last thing people think about instead of the first.
--Jeff Moden