Spike Abuse
September 12, 2016
It’s interesting to me that after years of working with teams on Scrum adoption, I see some of the same patterns repeatedly. One of those is what I call “Spike Abuse.” Let’s start with what a spike is, then we can talk about how they get misused by some teams.
The Agile Dictionary defines a spike as “A story or task aimed at answering a question or gathering information, rather than at producing shippable product.” Said another way, it’s a story that results in knowledge (and sometimes other user stories), not in working software. Since our primary measure of progress in a project is working software, we should minimize the number of spikes we use. Sometimes, however, spikes get pressed into service in ways they shouldn’t be.
My Latest Article on Agile and Security
September 8, 2016
I’m happy to announce that my latest article, “Why Johnny Can’t Write Secure Code,” has been published in the September/October issue of InfoSec Professional Magazine, a publication of (ISC)², the International Information System Security Certification Consortium.
Intended primarily for InfoSec professionals with limited exposure to application development, the article is an explanation of modern Scrum/XP project management, with advice on how to work with teams using these techniques. You can get a copy of the article (and previous ones I’ve written) from the Resources page on my website.