Saturday, June 14, 2008


Why do large enterprises allow their IT Outsourcing firms to deliver low quality code?

Wouldn't it be interesting if Enterprise Architects didn't have their heads buried in the sand and instead worked toward acquiring secure software? Consider that compliance costs a lot of money, and that refactoring code for PCI DSS and other such taxes is expensive. That money is better spent enabling the strategic intent of the business than wrestling with compliance.

So, why are customers of Cognizant, Wipro, TCS, Infosys and other Indian outsourcing firms still not requesting that the individuals assigned to their account actually understand at least the basics of secure software development? The funny thing is that folks in India actually have great access to user groups such as OWASP, but attendance is abysmal. I don't really care about the cultural reasons for non-participation in a community; I do, however, care that code is written securely in the first place.

Did you know that the folks in Delhi are having a two-day conference on application security? I bet pretty much all of the folks who read my blog and reside in India will be busy making up excuses for why they can't attend, and won't even lift a finger to encourage others from their firm to participate. Is this the behavior model we want from outsourcing firms?
