Just the other day I was planning dinner for my family and thought it would be a great idea to bust out the Dutch oven I had to have, but rarely use, and make a nice stew. I ran to the grocery store to grab some fresh carrots, turnips, onions, a couple of Yukon Gold potatoes, and some fresh chicken (and a bottle of nice wine for the thirsty chef). I needed a quick start and an on-time finish. Or it would be another failed product delivery — followed by a rapid desire by my family to outsource.
Its not everyday I can stop to enjoy my afternoon tea outside on my deck, overlooking my garden. But today I did and while admiring my beautiful blooming flowers, I started to draw some parallels between my garden and software development. Full disclosure, I wouldn’t consider myself a true gardener. I buy plants that have already been cultivated to a mature stage on someone else’s farm or in someone else’s greenhouse.
Now that Heartbleed has become the new measuring stick for vulnerability disclosures, I have had several people ask me, “Is this OpenId/Oauth thing the next Heartbleed?” The long answer, as Run DMC once said, is “It’s Tricky, Tricky, Tricky, Tricky”. The TL/DR (too long/didn’t read) answer is “No”.
Like a good holiday the Verizon 2014 Data Breach Investigation Report (DBIR) is something I look forward to every year. Now that I’ve had some office time to digest this, I figured no better time to share my thoughts. I am not going to cover all sections, but do want to highlight a few things that stuck out to me