Rietta.com Security

(1) Who is Rietta?

What type of work situations are a good fit for your team?

Rietta believes that the best projects are accomplished through solid teamwork and mutual respect. That is, our developers respect you and your company, and you respect us as a trusted development partner.

When we agree to work with you as a client, we schedule development time to build or integrate the technology that you need. We believe in providing transparency about the status of your project through various tools, including the Git revision control system and other collaborative tools.

However, it has been our experience that projects get off track when a client insists on micromanaging the development process or has a habit of calling in the middle of the night or on weekends looking for status updates. For such people, there are many other development companies, staffed with more junior developers, who will be happy for that business.

Can I visit you in person?

We can meet with you in Atlanta or Nashville by appointment. To schedule an appointment, please e-mail us and we’ll set something up.

Where are you located?

Rietta is located in the city of Johns Creek, near Atlanta, Georgia. Atlanta is the central hub for the tech industry on the east coast; it is home to the Georgia Institute of Technology, Georgia State University, and the world’s busiest airport.

How long have you been doing this?

Frank Rietta founded the company in January 1999 as Rietta Solutions. We have since become Rietta Inc. and grown the team. So we’ve been at this for over 15 years!

Is Rietta actively involved in the Ruby community?

Yes, our company is very active in the Ruby on Rails community in Atlanta and Nashville. Additionally, we sponsor the video lecture series for the Atlanta Ruby Users’ Group, which is made available free to the world on the ATLRUG YouTube Playlist.

For more on our community involvement, see Listen, learn, and give!

(2) Project Planning

How long does a project usually take to complete?

A small project might take two to four weeks to complete. Medium to large projects often require two to four months, though projects that involve many data models and complex interactions could take longer. Minor changes and maintenance projects might need as little as one afternoon.

For bigger projects, we like to have an initial public release of a “Minimal Viable Product” as a key milestone. That way, even though the entire project might take 4 months, we can bring you online with a basic service 1 or 2 months earlier.

When we are both happy with the results, your project will be done.

Will you give me a fixed bid on development?

We do iterative development in weekly iterations, billed on a weekly basis. Each Friday, the team delivers the new features and changes promised in that iteration’s planning session.

Projects have budgets and we work with your management team during the planning phases to define the scope and arrive at a budget for the project.

Someone else said they’ll develop my website cheaper. Will you match their price?

No matter what your business is, someone else will always be willing to do it cheaper. Cheaper doesn’t mean better, it just means “cheaper”.

Our developers have solid computer science backgrounds and years of relevant experience in the field. Because we believe in paying them well for quality work, we charge a professional, competitive rate for custom software development services, and we’re worth every penny.

In short, the answer is “Sorry, but no.”

(3) Security

How does Security factor into your development work?

Security is a fundamental part of our development process and is considered at each step of a project. To us, it’s not just a functional requirement, it’s a major requirement.

What security credentials do the members of your team have?

Our security consultants have relevant degrees in Information Security (or Information Assurance) or have passed the CISSP examination process.

Can your team help my company implement credit card security and the PCI-DSS requirements?

Yes, we know the requirements of the Payment Card Industry Data Security Standard (PCI-DSS) and can help your company comply with them.

What is a cryptographically-enforced one way information flow?

Web interfaces that collect really sensitive information, such as insurance applications or driver’s license scans, should act like a diode: information only goes in, and cannot come back out through the front end. This is accomplished with public key cryptography, such as OpenPGP, to encrypt records that are then batch copied to another system for back office operations. The key needed to decrypt the data is never present on the publicly facing server, so a compromise of that server is not a data breach.

To learn more about one such system, which also includes an automatically enforced retention period, see the driver’s license example at the 26m mark of Understanding & Defending Against Data Breaches, as a Practicing Software Developer (youtube.com). The playground application in Ruby on Rails can be found at GpgMeTest.
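As an added illustration of the diode pattern described above (example code written for this page, not the GpgMeTest application), the Ruby below uses RSA-OAEP plus AES-256-GCM from Ruby’s standard OpenSSL library in place of OpenPGP, so it runs without the gpgme gem; the key pair and the submitted record are constructed for the example.

```ruby
require 'openssl'
require 'json'
require 'base64'

# Constructed key pair for the example. In a real deployment the private key is
# generated in the back office and only the public half is copied to the web server.
BACK_OFFICE_KEY = OpenSSL::PKey::RSA.new(2048)
FRONT_END_PUBLIC_KEY = OpenSSL::PKey::RSA.new(BACK_OFFICE_KEY.public_key.to_pem)
OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Front end: a fresh AES-256-GCM key encrypts the record and the public key wraps
# that AES key. Nothing held on this side can reverse either step: data flows one way.
def seal_record(public_key, record)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  aes_key, iv = cipher.random_key, cipher.random_iv
  body = cipher.update(JSON.generate(record)) + cipher.final
  { 'wrapped_key' => Base64.strict_encode64(public_key.public_encrypt(aes_key, OAEP)),
    'iv' => Base64.strict_encode64(iv),
    'tag' => Base64.strict_encode64(cipher.auth_tag),
    'ciphertext' => Base64.strict_encode64(body) }
end

# Back office: the only system holding the private key, so the only place a batch-copied
# envelope can be opened. The GCM tag also rejects any envelope altered in transit.
def open_record(private_key, envelope)
  aes_key = private_key.private_decrypt(Base64.strict_decode64(envelope['wrapped_key']), OAEP)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key, cipher.iv = aes_key, Base64.strict_decode64(envelope['iv'])
  cipher.auth_tag = Base64.strict_decode64(envelope['tag'])
  JSON.parse(cipher.update(Base64.strict_decode64(envelope['ciphertext'])) + cipher.final)
end

# What someone who has taken over the web server (public key plus stored envelopes)
# can do with a record: nothing, because no private key is present there.
def front_end_can_decrypt?(key_on_server, envelope)
  return false unless key_on_server.private?
  open_record(key_on_server, envelope)
  true
rescue OpenSSL::PKey::PKeyError, OpenSSL::Cipher::CipherError
  false
end

# An envelope with a forged tag is rejected by the back office rather than silently accepted.
def tamper_detected?(private_key, envelope)
  open_record(private_key, envelope.merge('tag' => Base64.strict_encode64("\0" * 16)))
  false
rescue OpenSSL::Cipher::CipherError
  true
end
```

Each sealed record carries its own random AES key, so two submissions of identical data produce unrelated ciphertexts and the web server's disk holds nothing that can be opened without the back office key.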

(4) Process

Why do you Pair Program?

We strongly prefer to develop in pairs, because pair programming facilitates the clear communication and focus needed to consistently deliver the best quality code to clients.

Brandon Dees and Frank Rietta have talked publicly about the benefits of Remote Pair Programming; for more information, see Why & How We Remote Pair Program (2013).

Or watch the 48-minute video of this talk on YouTube.

Good programming is ultimately about teamwork. It requires continual communication and mutual respect.

What online collaboration tools does your team use?

We use a variety of tools to manage the development process. For source code revision control, we prefer to use Git. Our company maintains a github.com account for repository hosting. We use Google Docs for project documents, which are also shared with you.

(5) Intellectual Property

Who owns the code that is developed for my company?

The details are covered in the Master Services Agreement. In general, you own the code that was developed for your project once you have paid for it. We own our background technology – a “development toolkit”, if you will – that is used to make developing your custom application faster and more cost efficient. Any open source software, such as Linux, Ruby, Rails, and various gems or libraries, are owned by their respective copyright holders.

What if I want to control the source code for my project?

While we do provide source code hosting as a convenience to our clients, we want you to be in control of your project. The easiest way to get set up is to sign up for a Small plan on GitHub. That will allow you to host several private projects and have enough private collaborators for our team to work on your code. We’re familiar with this tool and can help you set your account up if you would like.

What type of open source licenses do you use?

Our team is very experienced in working with an open source software stack. For development libraries, we use code that is licensed under a BSD license or the LGPL. For client projects, we will not link a GNU General Public License (GPL) library into your application in such a way that your project would itself have to be licensed under the GPL, without your explicit written permission.

We are not lawyers. For more information about Open Source License agreements, please see the Open Source Initiative.

(6) Technology Stack

What environments does your team deploy applications to?

You can choose to host your web application on any of the providers which support the latest versions of Ruby and Ruby on Rails.

For cloud hosting, we prefer to work with the Rackspace Cloud and Amazon S3.

As a Rails shop, we have experience working with both Heroku and Engine Yard. There are pros and cons to each.

Please feel free to contact us for a run down of the differences.

Do you work with PHP?

Yes, our developers are also experienced with PHP. We support it for legacy applications and for legacy interoperability with Rails-based web applications.

Do you prefer Rails or Sinatra?

We prefer to use the best tool for the job. Sinatra is a wonderful, lightweight Ruby-based platform. It works through Rack on either the Nginx or Apache web servers.

For general development, however, Rails tends to provide more long-term flexibility. We prefer to use Rails, unless there are clear performance reasons to use a smaller framework.

What version of Ruby and Ruby on Rails do you prefer?

We like working with the best new technology available. At the time of this writing, we are using Rails 3.2 on Ruby 1.9.3 as our development platform of choice.

What about JRuby?

JRuby is an excellent Ruby that runs in a Java Enterprise Environment. You have to pick your gems a little differently, but overall we love it. It’s a great tool for some of our clients.