Thursday, January 08, 2009
Project Management, Security and Enterprise Software Development
My day job is related to security, and sometimes even I am blissfully ignorant of security. I sometimes wish that I could work for the federal government, or at least use their tactics, in that they have been busy pushing application security to projects for the past several years.
Within large enterprises, security is still a second-class citizen, but not in the federal government. Security officials can disconnect an application from use if they deem the application insecure. Unlike the federal government, large enterprises that practice Indian outsourcing tend to drop code developer supervision.
Even if you aren't outsourced, American developers nowadays have had to take more responsibility for their scheduling, cost estimating, etc., while I deal with application security rules and regulations. Most developers don't seem to like that.
Although this sort of fits in with modern management processes of pushing decision-making to the lowest level, it can cause issues with old-style middle-management pointy-haired bosses. Maybe if they helped with the security...