Friday Summary: February 12, 2010
Chris was kind enough to forward me Game Development in a Post-Agile World this week. What I know about game development could fit on the head of a pin. Still, one of the software companies I worked for was incubated inside a much larger video game development company. I was always very interested in watching the game team dynamics, and how they differed from the teams I ran. The game developers did not have a lot of overlapping skills and the teams were – whether they knew it or not – built around the classical “surgical team” structure. There was always a single and clear leader of the team, and that person was usually both technically and creatively superior. The teams were small, and if they had a formalized process, I was unaware of it. It appeared that they figured out their task, built the tools they needed to support the game, and then built the game. There was consistency across the teams, and they appeared to be very successful in their execution.

Regardless, back to the post. When I saw the title I thought this would be a really cool examination of Agile in a game development environment. After the first 15 pages or so, I realized there is not a damned thing about video game development in the post. What is there, though, is a really well-done examination of the downsides with Agile development. I wrote what I thought to be a pretty fair post on the subject this week, but this post is better! While I was focused on the difficulties of changing an entrenched process, and their impact on developing secure code, this one takes a broader perspective and looks at different Agile methodologies along a continuum of how people-oriented different variations are. The author then looks at how moving along the continuum alters creativity, productivity, and stakeholder involvement. If you are into software development processes, you’re probably a little odd, but you will very much enjoy this post!
On to the Summary:

Webcasts, Podcasts, Outside Writing, and Conferences

It’s the week of Rich Mogull, Media Giant:
First, Rich is on the cover of the March issue of Information Security Magazine.
Then, Rich managed to snag the cover story in this month’s Macworld magazine. It’s all about security issues for consumers, and is only mildly Mac-specific. (How cool is it to be at Macworld and have the cover of the magazine at the same time? Congrats Rich! –Adrian) (Are folks there carrying around ‘your’ issue? Has anyone asked you to sign one, or a body part? –Chris)
Rich’s cover handily eclipsed the print appearance of Chris’ Google Voice piece (page 56).
And, lest he be accused of being an old media lackey, Rich wrote a TidBITS article on iPads in the enterprise.
Adrian’s Dark Reading post on Amazon SimpleDB.

Favorite Securosis Posts

David Mortman: Misconceptions of a DMZ.
Mike Rothman: Adrian’s post on People over Process. This may be the best piece written on the blog this year. Just awesome.
Rich: Adrian’s post on SDL and Process.
Adrian Lane: Mike’s post on The Death of Product Reviews.
David Meier: This week’s Incite.

Other Securosis Posts

Database Security Fundamentals: Database Access Methods
Choose Your Own Whitepaper Adventure (and Upcoming Papers)
Network Security Fundamentals: Correlation
Counterpoint: Correlation Is Useful, but Threat Assessment Is Fundamental
Litchfield Discloses Oracle 0-Day at Black Hat
FireStarter: Admin access, buh bye
Counterpoint: Admin Rights Don’t Matter the Way You Think They Do
RSVP for the Securosis and Threatpost Disaster Recovery Breakfast
Kill. IE6. Now.

Favorite Outside Posts

Rich: Gunnar nails the truth on our relationship with China. Before you start touting terms like ‘cyberwar’, you need to understand the economics of the situation. They pwned us, and it has nothing to do with technology.
David Mortman: Answering APT Misconceptions. An unmuddying of some of the APT waters. Hallelujah!
Mike Rothman: Making Progress Matters Most. Bejtlich gets at the heart of keeping team members engaged and productive. Get the fsck out of their way.
Adrian Lane: Martin’s post on PCI Compliance and Public Clouds. Despite the site advertisements, it was my favorite this week.

Project Quant Posts

Project Quant: Database Security – Masking
Project Quant: Database Security – WAF

Top News and Posts

FEDs want cell phone tracking. And who wouldn’t?
Critical Adobe Update.
Dave Lewis at LiquidMatrix calls out an anonymous vendor for factually-incorrect FUD. This is a short but important post. Just today I got an email from a vendor who wanted to tell me the “top 3 ways DLP fails”. Successful vendors market on the strength of their products, not the (sometimes fictional) weaknesses of others’.
Hackers Steal $50k; bank says ‘tough’.
Microsoft calls for Congress to get involved with cloud computing security. Since they can’t even agree on the best way to run the country into the ground, I’m not expecting any government action.
Mudge hits DARPA. This could be exceptionally good, depending on where he starts dropping the cash.

Blog Comment of the Week

Remember, for every comment selected, Securosis makes a $25 donation to Hackers for Charity. This week’s best comment goes to ds, in response to Rich’s Counterpoint: Admin Rights Don’t Matter the Way You Think They Do:

I think that this post is dangerous. While many will understand the difference between removing admin rights from a desktop for the user and restricting/managing admin rights for sysadmins, the distinction isn’t explicitly stated, and some may take this to mean dealing with admin rights isn’t necessary as a blanket statement.