Like most people who’ve played it, I love Tetris. I still remember playing it for the first time on a friend’s Nintendo Game Boy. Not only is Tetris one of the best games of all time, it’s an excellent analogue for technical debt. The impacts of technical debt are something I’m deeply familiar with — I deal with them every day.
I’ll also share a personal story of how my team and I reduced technical debt in some billing code, fixing a $1 million-per-year bug.
I’ve long said that security is inversely proportional to convenience. While I still believe that to be true, there are plenty of simple things you can do right now that will improve the overall security of your company without sacrificing productivity. Here are a few examples that I frequently share with my clients.
Use an issue tracker and start the habit of filing a ticket for everything — this gives you the ability to look back at any point in time at what needed to be done, why it was done, and by whom.
I’ve written before about why I think security culture is important. In that article, I mentioned that some of my clients are surprised that I don’t audit their product code. Here are three reasons why:
I hope you are the type of person who always wears their seatbelt. If so, you probably feel uncomfortable without it. You get that feeling because you’ve spent most of your life building safe habits, which makes it feel wrong not to follow them. Building a culture of security at your organization should create the same experience: it should feel uncomfortable for anyone to break their security practices.
These days, an employee can compromise an entire company with a single click. Too many organizations are learning this lesson the hard way. Whether you’re a two-person startup…
Updating session tokens on a high-traffic web service like we have at Optimizely presents several engineering challenges. With the current state of technology, the customer reasonably expects our service to be always-on, so taking it offline for “scheduled maintenance” is no longer an acceptable option. This requires us to perform a live migration of users, maintaining backward-compatibility, all while avoiding any customer-facing service interruptions.
At Optimizely, we’ve recently done this successfully and we’d like to share how we did it and what we learned for the benefit of the global engineering community.
The basic technique we used to do this…
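As an added illustration (this is not code from the original post, and the post does not describe the technique Optimizely actually used), the following shows one common shape for a zero-downtime session token migration: a validator that accepts both a legacy opaque session ID and a new versioned, HMAC-signed token during a migration window, hands back a new-format token whenever a legacy one validates so clients migrate lazily, and refuses the legacy format once a cutoff time has passed. The token formats, the in-memory legacy store, the `v2.` prefix and the cutoff are all assumptions made for the example.

```python
"""
Dual-format session token validation for a live, backward-compatible
token migration. Everything here is an assumed design for illustration:
 - legacy token: opaque random ID looked up in a server-side store
 - new token:    "v2.<base64url(json payload)>.<hex HMAC-SHA256>"
During the migration window both formats are accepted; after the
cutoff only the new format is.
"""
import base64
import hashlib
import hmac
import json
import secrets

NEW_PREFIX = "v2."  # assumed version marker for the new format


class SessionService:
    def __init__(self, signing_key, cutoff_ts, ttl_seconds=3600):
        self.signing_key = signing_key      # key for the new HMAC-signed tokens
        self.cutoff_ts = cutoff_ts          # after this time, legacy tokens are rejected
        self.ttl_seconds = ttl_seconds
        self.legacy_store = {}              # constructed stand-in for the old session table

    # --- legacy format: opaque ID, state held server-side ---
    def issue_legacy(self, user_id, now):
        token = secrets.token_urlsafe(32)
        self.legacy_store[token] = {"uid": user_id, "exp": now + self.ttl_seconds}
        return token

    def _validate_legacy(self, token, now):
        rec = self.legacy_store.get(token)
        if rec is None or rec["exp"] <= now:
            return None
        return rec["uid"]

    # --- new format: self-describing, HMAC-signed, no server-side lookup ---
    def issue_new(self, user_id, now):
        payload = {"uid": user_id, "exp": now + self.ttl_seconds}
        raw = json.dumps(payload, separators=(",", ":")).encode()
        body = base64.urlsafe_b64encode(raw).decode().rstrip("=")
        sig = hmac.new(self.signing_key, body.encode(), hashlib.sha256).hexdigest()
        return f"{NEW_PREFIX}{body}.{sig}"

    def _validate_new(self, token, now):
        try:
            _, body, sig = token.split(".")
        except ValueError:
            return None
        expected = hmac.new(self.signing_key, body.encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison so signature checking does not leak timing.
        if not hmac.compare_digest(expected, sig):
            return None
        padded = body + "=" * (-len(body) % 4)
        try:
            payload = json.loads(base64.urlsafe_b64decode(padded))
        except (ValueError, UnicodeDecodeError):
            return None
        if not isinstance(payload, dict) or payload.get("exp", 0) <= now:
            return None
        return payload.get("uid")

    def authenticate(self, token, now):
        """Return (user_id, replacement_token). replacement_token is a new-format
        token when the caller presented a legacy one that should be swapped out,
        otherwise None. On failure returns (None, None)."""
        if token.startswith(NEW_PREFIX):
            return self._validate_new(token, now), None
        if now >= self.cutoff_ts:
            return None, None  # migration window closed: legacy format no longer accepted
        uid = self._validate_legacy(token, now)
        if uid is None:
            return None, None
        # Legacy token is valid: authenticate the request and hand back a new-format
        # token so the client migrates on its next request.
        return uid, self.issue_new(uid, now)


if __name__ == "__main__":
    svc = SessionService(b"constructed-demo-key", cutoff_ts=2000.0)
    old = svc.issue_legacy("alice", now=1000.0)
    uid, replacement = svc.authenticate(old, now=1000.0)
    print(uid, replacement is not None)          # alice True
    print(svc.authenticate(replacement, now=1500.0))  # ('alice', None)
    print(svc.authenticate(old, now=2000.0))     # (None, None)
```

The legacy record is deliberately left in place until the cutoff rather than deleted the moment a replacement is issued: on a high-traffic service the same client typically has several requests in flight with the old token, and invalidating it immediately would turn the migration into user-visible errors. The legacy store can be dropped entirely once the cutoff has passed and every legacy record has aged out.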
Maker, inventor, engineer, nerd, & author of Security From Zero: Practical Security for Busy People