There are many great lessons in Randy Pausch's Last Lecture, but one of my favorites is this observation. He is talking about a show where, each year, the students demonstrate the virtual worlds they have built in front of an audience:
"People used to say, you know, what's going to make for a good world? I said, I can't tell you beforehand, but right before they present it I can tell you if the world's good just by the body language. If they're standing close to each other, the world is good."
That is a very important observation, and it reminds me of one of my favorite Kent Beck quotes, where he says that he used to think of programs as things, but shifted to seeing programs as shadows cast by communities.
These two observations say a lot about the state of enterprise software: the communities that design, deploy and manage enterprise software are often riven by bureaucracy and politics, and sadly the program shadows cast by these communities frequently reflect this.
In security you rarely see the security team "standing close" with the development teams, and this isolation is a chief reason why the infosec world has had such limited success in delivering security services to systems.
The "Gunnar Hug" model for application security... ;-)
Posted by: Pete | November 18, 2009 at 11:26 AM
Superb!
Posted by: mark curphey | November 18, 2009 at 12:53 PM
Isn't this just "can't we all just get along?"
Posted by: Someone | November 18, 2009 at 05:26 PM
@Someone, no, it's nothing like "can't we all get along"; it's "let's build it together". Some of the most productive teams have the most spirited debates.
It's about having a common goal of building better stuff, with both dev and security buying in; otherwise you have one group building and another group whinging.
Posted by: gunnar | November 18, 2009 at 06:17 PM
So if you want to build something with security you should think about and consider security when you're building it?
I think I've seen that said before.
Sorry, I love your work ordinarily, but this one seems like it's Möbius strip logic.
Posted by: Someone | November 18, 2009 at 07:43 PM