As web developers, our applications are vulnerable to a number of security holes (XSS, SQL injection, etc.). I'm a firm believer that if you're writing an app it should be protected from all of these well-known vulnerabilities. However, I'm having a hard time convincing my team (and management) that it's worth the effort.
This leads me...
Look at the picture above. This could be a programmer going to be hit by a bus. According to Wikipedia, in software development a software project's "bus factor" (or "bus hit factor") is
an irreverent measurement of concentration of information in a single person, or very few people. The bus factor is the total number of key...
Clearly, software projects are different from other industries in many things, for instance quality assurance, project progress measurement, and many others.
The unique characteristics of software projects also make the risk management process unique. Lots of issues in a project might lead it to unacceptable delay or f...
We're a small web development business and we eventually want to release web applications as well. Right now, we're doing some risk assessment and would like to know what other companies do for security and risk management. What are your risk management strategies and practices, technical and otherwise?
Here's what I have so far (and I'...
What is the difference between risk analysis and risk mitigation, and when (before coding or after coding?) and by whom (QA/analyst/developer?) should they be performed in the Software Development Life Cycle?
Opinions, links or document templates would be helpful.
EDIT
If I follow meade's comment:
"According to Tom DeMarco - Risk Manag...
Hi,
I'm about to start working on a "Software as a Service" website project. This is the first project of this kind I am going to work on, so while I am trying to anticipate any possible risks, I'm sure there will be many more I will not take into account.
Does anyone know of a suitable risk profile boilerplate for this kind of proje...
Hi, I just stumbled on a principle I can't understand.
Does "Test what you fly, fly what you test" mean that you should develop and test for the real thing all the time?
Thinking about this makes me wonder:
Should we prepare for production conditions in advance?
Should we launch the system on day one? (maybe without informing end users)
...
Assume that you lead a team of 4 developers. How often would you estimate the risk of the project? What do you think about daily estimation? Do you think that daily updates of the potential problems (based on the morning stand-up meetings with the team), released as a short summary e-mail, is a good idea? Maybe you would consider an a...
I'm looking for my own research for sources that look at software as a way to manage risk. I don't mean risk management for software development projects, I mean how working software can automate the management of risk.
My interest is more philosophical: how do people put software in action to practically get control over factors that o...
Please provide your input from a management perspective. What initiatives should one take to make sure every project manager is following risk management processes? I would like to follow Risk Driven Project Management across all projects. What should I do to implement RDPM successfully in my org? What are the approaches?
...
After almost two years of using DVCS, it seems that one inherent "flaw" is accidental data loss: I have lost code which isn't pushed, and I know other people who have as well.
I can see a few reasons for this: off-site data duplication (i.e., "commits have to go to a remote host") is not built in, the repository lives in the same director...
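One way to get the "commits have to go to a remote host" behaviour the post says DVCS lacks, as an added example that is not part of the original question or any answer to it: a git post-commit hook that mirrors the current branch to a dedicated backup remote after every local commit. The remote name `backup`, the temporary repository paths and the sample commit are assumptions made for this demonstration; the demo function builds both repositories under a temp directory so it runs offline.

```shell
#!/bin/sh
# Added example (not from the original post): auto-push every commit to a
# backup remote so that unpushed work survives loss of the working copy.
# The remote name "backup" and the temp paths below are assumptions.
set -eu

# install_backup_hook <repo_dir> <backup_remote_url>
# Registers the backup remote and writes a post-commit hook that pushes
# the branch that was just committed to. A failed push only warns, so a
# flaky backup host never blocks local commits.
install_backup_hook() {
  repo="$1"; url="$2"
  git -C "$repo" remote add backup "$url"
  cat > "$repo/.git/hooks/post-commit" <<'EOF'
#!/bin/sh
branch=$(git rev-parse --abbrev-ref HEAD)
git push --quiet backup "$branch" 2>/dev/null \
  || echo "warning: backup push of $branch failed" >&2
EOF
  chmod +x "$repo/.git/hooks/post-commit"
}

# demo_backup_hook: creates a bare backup repo and a working repo, installs
# the hook, makes one constructed commit, and returns 0 only if that commit
# is already present in the backup repo without any explicit push.
demo_backup_hook() {
  tmp=$(mktemp -d)
  git init --quiet --bare "$tmp/backup.git"
  git init --quiet "$tmp/work"
  git -C "$tmp/work" config user.email "dev@example.invalid"   # constructed identity
  git -C "$tmp/work" config user.name "dev"
  install_backup_hook "$tmp/work" "$tmp/backup.git"
  echo "hello" > "$tmp/work/README"                            # constructed sample file
  git -C "$tmp/work" add README
  git -C "$tmp/work" commit --quiet -m "initial"               # hook fires here
  local_head=$(git -C "$tmp/work" rev-parse HEAD)
  branch=$(git -C "$tmp/work" rev-parse --abbrev-ref HEAD)
  remote_head=$(git -C "$tmp/backup.git" rev-parse "refs/heads/$branch" 2>/dev/null || echo none)
  rm -rf "$tmp"
  [ "$local_head" = "$remote_head" ]
}
```

In real use the backup URL would point at an off-machine host (a bare repository over SSH, for example), which is what makes the copy survive the loss of the developer's disk; a second remote on the same disk only protects against a botched rebase or reset. Note that the hook pushes only the branch currently checked out, so stashes and commits on other branches are still local until they are committed on and pushed.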
Does anyone have any good stories of these kinds of organizations being open to using open source dependencies (and also tools). Many staff I've encountered have little or no exposure to open source/systems and open source is treated with great suspicion. Some reasons given for this are lack of support and robustness, which is ironic gi...
I currently work in an organization that forces all software development to be done inside a VM. This is for a variety of risk/governance/security/compliance reasons.
The standard setup is something like:
VMWare image given to devs with tools installed
VM is customized to suit project/stream needs
VM sits in a network & domain that i...
I am trying to implement Rails as an Asset Management/Risk Assessment system. I have been trying to work out the best way to model this.
A picture of what I am thinking right now.
I would like to automate as much of the treating process as possible. Ideally, someone would fill in the information for a new asset, and rails would fill...
Risk management is defined through several processes that aim to identify and control the possible risks that may affect the success of a project. The most common methodology for RM is Failure Mode Effect Analysis. Does anybody know some other methodologies used in the management of risk?
...
What should be the most important points to analyze from the economic point of view? Of course, I mean if the project is a software development or implementation.
Hope someone can understand my question. Thanks
...