Tales from the Crypto
As a developer, I’ve heard a number of adjectives applied to those who practice my craft.
“Rugged” isn’t one I expect to hear very often.
Granted, there are a few who alternate their brief stints of coding with explorations of the far-flung hinterland, but even these never quite seem to fill the “rugged” ideal.
Until today.
Today, I and many of my fellow developers can finally declare ourselves to be “rugged” under the new “Rugged Software Manifesto”.
http://msmvps.com/blogs/alunj/archive/2010/02/10/1756565.aspx
Thursday, February 11, 2010
I've been waiting to see what would get posted on this blog: after the announcements there hasn't been much if any followup.
It's not clear to me why the software development community needs the "Rugged" initiative (which, by the way, makes me think of good luggage, not reliable and secure software) more than it needs all of the other secure development initiatives already underway. As software developers, especially those that care about security and reliability, we already have a lot of work on the go.
As for the Agile Manifesto vs the Rugged Manifesto, there is a fundamental and important difference, to me at least. The Agile movement came from within the software development community: by programmers, for programmers. Rugged, like the other security initiatives, is imposed from outside: by security specialists, for programmers. I'm not convinced it will get the buy-in of the development community any more than any of the other good ideas that have been created this way.
I posted about my questions and concerns on my blog, Building Real Software.
I heard about Rugged Software on the netsec podcast. I'm a software developer with a strong interest in infosec. Rugged makes sense to me, both from the infosec and development perspectives.
I'm sorry to see that my post is only the 2nd since you started the blog. OTOH, you haven't posted new blog entries!
--Mark Gordon
Alberta, Canada
Hi I'm Mike,
I'm working on SSDLC models for my organisation with a view to moving away from constrictive Frameworks to more of a "Builder - Breaker Cycle".
I and my Boss are keen on the Rugged Manifesto and how it could be implemented and embedded. I am currently trying to make a Framework or at least a linear flow to the process.
I also think it ties in nicely to "Anti-Fragile Methodologies because the constant Stressor of Breakers leads to improvements and an Anti-Fragile structure".
I am keen to get the work we are doing into OWASP and support the "Get Rugged Message".
Anyway, contact me on my personal E-mail, I would like to discuss how much of this is Open Software license as your Site says some Rights Reserved and I would like to start publishing some of the material I've been producing?