One of the troubling things to me about the Scaled Agile Framework (SAFe) was its increasing tendency towards an all-encompassing view of “the things you could do.” It had begun, in my mind at least, to resemble the Rational Unified Process (RUP) from years ago, even down to the interactive website nature of the SAFe website. The problem with RUP wasn’t that it was wrong or bad; it was that it was a complete toolbox, and required that you select the tools that were required to do your job. In many environments that resulted in oversized process, particularly in environments where teams were afraid of being blamed for failure, and of being blamed for not doing something that in hindsight might have saved the otherwise doomed project.



Larger enterprises usually have several environments. There’s obviously the production environment, and usually a testing and QA environment. Many will also have a stress testing/staging environment, which is a close facsimile of production, used to characterize the performance of the solution being built/maintained.

A common problem is testing data. As a matter of good hygiene, it’s a good idea to use testing data in environments other than production, and there may be strong regulatory or other motivations to do that (think HIPAA requirements, Payment Card Industry (PCI) requirements, Personal Health Information (PHI) and Personally Identifying Information (PII)).

Opposing this desire for scrubbed, faked or otherwise testing-only data is the idea that the best data to test with is production data, because of the volume and diversity of the data. How then do you reconcile the desire for consistent, production-volume data in lower environments while still preventing access to sensitive data by people who really have no need to see it? Enter Format Preserving Encryption, or FPE.



BBC News is reporting on researchers’ announcement of the discovery of a very sophisticated piece of malware, called Project Sauron. Of particular note is how long the malware has remained undetected (five years) and the sophistication of the malware, which can jump the so-called “air gap” to computers not connected to the internet. Highly secure computers are typically air-gapped to prevent or complicate attack and exfiltration of data, and Project Sauron is an interesting example of the lengths to which a (likely state-sponsored), sophisticated attacker can go to get at the systems they want to compromise.

[via BBC News]

