Just this week, Security Professionals Magazine is reporting a data breach of three thousand unencrypted medical records, names, and social security numbers. For want of choosing “Encrypt this Drive”, Humana and one of its associates have put thousands of customers at risk of economic harm.
As my team and I work towards a major deadline this week, I am reminded of how easily last-minute thrashing sneaks into a project that has many stakeholders involved. This is a challenge that a properly run Agile project should be able to minimize, but it seems to always be there.
I had no fewer than three separate conversations yesterday about the importance of Defense in Depth in the context of building out a comprehensive plan to secure a web application and its environment. In light of that, I wanted to share with you the basic concept and point out some places to read about this big idea in security.
Photo: A combination door lock is one possible countermeasure in a layered security approach, but there is so much more to defense in depth.
In Outliers, Malcolm Gladwell posited that 10,000 hours of practice are what it takes to achieve mastery in a field.
Well, Joe Moore (@joem on Twitter), the owner of remotepairprogramming.com, has blown past that mark on the subject of pair programming practices and the impact those practices have on real software projects.
He has pair programmed for 27,000 hours and the audience at RailsConf 2014 asked him anything!
My new Code Keyboard Tenkeyless (87-key without a Number Pad) arrived this week from WASD Keyboards!
It should make a good keyboard for a professional programmer who is typing 40 or more hours per week, 50 weeks per year. The Cherry Green keys have an 80 gram actuation force, which makes for clean, crisp keystrokes at full typing pace. The heavier resistance helps avoid bottoming out the keys, which is one source of typing injury.
Photo: My New Code Keyboard from WASD Keyboards with a Banana for Scale.
Yes, I use the pencil drawer in my old-school teacher’s desk as a keyboard tray with the help of some older thick computer books.
Brandon Dees (@brandondees) and I are both really big security geeks when it comes to technology. We are both really into bringing multi-factor authentication as standard equipment to the applications that we build. With something you have, and something you know, instances like the Buffer app breach can be mitigated in many circumstances.
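To make the “something you have” factor concrete, here is an added example (not code from the original post, and not Brandon's or my production code) of the time-based one-time password scheme (TOTP, RFC 6238 over HOTP, RFC 4226) that authenticator apps implement. The shared secret below is the RFC 4226 test key `12345678901234567890` rather than a real user secret, and `verify_totp` adds the two checks a server should not skip: a constant-time comparison and rejection of any counter at or below the last one accepted, so a captured code cannot be replayed inside the drift window.

```ruby
require 'openssl'

# Shared secret. RFC 4226 test key, used here only so the output is checkable.
# A real deployment generates a random per-user secret and stores it encrypted.
RFC_TEST_SECRET = '12345678901234567890'.freeze

# HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
# then "dynamic truncation" to a short decimal code.
def hotp(secret, counter, digits: 6)
  msg  = [counter].pack('Q>')                  # 64-bit unsigned, big-endian
  hmac = OpenSSL::HMAC.digest('SHA1', secret, msg).bytes
  offset = hmac[19] & 0x0f                     # low nibble of last byte
  code = ((hmac[offset] & 0x7f) << 24) |
         (hmac[offset + 1] << 16) |
         (hmac[offset + 2] << 8) |
          hmac[offset + 3]
  format("%0#{digits}d", code % (10**digits))
end

# TOTP (RFC 6238): the counter is the number of 30-second steps since the epoch.
def totp(secret, unix_time, step: 30, digits: 6)
  hotp(secret, unix_time / step, digits: digits)
end

# Constant-time string comparison so a timing side channel does not leak
# how many leading digits of a guess were right.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server-side check. Accepts codes within +/- `window` steps to tolerate clock
# drift, and refuses any counter <= last_counter (the counter of the last code
# this user successfully used) so a sniffed code cannot be replayed.
# Returns the matching counter (to persist as the new last_counter) or nil.
def verify_totp(secret, code, unix_time, last_counter: nil, step: 30, window: 1)
  counter = unix_time / step
  (-window..window).each do |drift|
    candidate_counter = counter + drift
    next if last_counter && candidate_counter <= last_counter
    return candidate_counter if secure_compare(hotp(secret, candidate_counter), code.to_s)
  end
  nil
end

if __FILE__ == $PROGRAM_NAME
  now = Time.now.to_i
  code = totp(RFC_TEST_SECRET, now)
  puts "current code: #{code}"
  puts "verified at counter #{verify_totp(RFC_TEST_SECRET, code, now).inspect}"
end
```

The values for the RFC test key are published in RFC 6238 Appendix B (for example, 8-digit `94287082` at time 59, i.e. `287082` with six digits), which is a convenient way to sanity-check an implementation before wiring it into a login flow. The second factor only helps if the first one is still required; the design intent is that a leaked password alone, as in the Buffer incident, is not enough to log in.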
Major Vulnerability, Action Required. A major vulnerability in OpenSSL 1.0.1 (1.0.1 through 1.0.1f) was announced today, April 7, 2014. The Heartbleed Bug, CVE-2014-0160, is a missing bounds check in the TLS heartbeat extension that lets a remote peer read chunks of process memory, which may include the server's private key, session keys, and user credentials. Upgrade to OpenSSL 1.0.1g (or rebuild with `-DOPENSSL_NO_HEARTBEATS`), restart every service linked against the library, and then treat any key that was exposed as compromised: reissue certificates and revoke the old ones. A discussion of this vulnerability can be found on the Hacker News thread on the Heartbleed vulnerability.
As tax season rolls around, it is important to keep an eye on the tax credits that are available to startups. These credits are easy to forget because they are not something that just anyone can claim on their business tax returns. But as a startup company or an existing business building software that has a risk of failure, the government wants to provide financial incentives for you to build it within the United States.
Each year, one of the better credits available to companies commissioning a custom software development project is the Federal Research & Development Tax Credit. The IRS publishes its Audit Guidelines on the Application of the Process of Experimentation for all Software.