Information Security, ITs Abused Step Child

  • Comments posted to this topic are about the item Information Security, ITs Abused Step Child

    "The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
    - Theodore Roosevelt

    Author of:
    SQL Server Execution Plans
    SQL Server Query Performance Tuning

  • I've found that what you're referring to as an MVP (Minimum Viable Product) is usually a travesty even when it comes to functionality, never mind security.  This is why "DevOps" is so very important but it's NOT the "DevOps" that a lot of people have defined.  My stance is, has been, and always will be that "DevOps" is a culture and not a set of tools to make code deployments faster.  I've found the faster that you deploy code, the more mistakes there are that get "deployed to prod" and, as your article states, one of the mistakes is the severe lack of thoughtful and effective security.

    The only thing is, you're wrong... security isn't the "abused step child" that you claim.  Something cannot be abused if it's not present and that's an all too normal state for security... it's simply not present in this "if it works, ship it" world we live in today.  I say "today" but that's been the major problem for decades now.

    Perhaps we should change an old saying to "Make it work, make it fast, make it pretty, make it secure... and it ain't done 'til it's secure".   It's a shame to have to change it to that because a super important part of "Make it work" has and always will be to make it secure.

    To replay an old warning that I've given time and time again, "If you want it real bad... that's the way you'll get it".  Slow down and do it right.

    --Jeff Moden


    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

    Change is inevitable... Change for the better is not.


    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)

  • You can't tell me I'm wrong. Don't you know who I am?

    Wait. You know exactly who I am.

    Ha!

    No real arguments here Jeff. DevOps is about culture first, not tools. Process supporting people. The tools are just to help out the other stuff. And yeah, total agreement. Security should be a fundamental part of the system.


  • Heh... I should have put a smiley-face after the "you're wrong" part just to make sure others knew the kind of relationship you and I enjoy (although they may never understand the camaraderie between a couple of ol' ex-bubbleheads 😀).

    I also meant to say "great article, Grant" because security is very frequently the last thing people think about instead of the first.

    --Jeff Moden


