Why Software Testing Is Key to DevOps
Implementing Continuous Delivery in the Federal Government
One of the major reasons organizations adopt DevOps practices is to accelerate delivery of software to production. However, many fail to include quality components in their practices. Continuous deployment without quality is just delivering continuous bugs. Here’s why software testing is an essential part of DevOps.
Agile and DevOps Bring the Focus Back on Quality
Federal agencies generally have more regulation, slower processes, and a command-and-control style of bureaucracy. How does it work when trying to foster agility and implement a continuous delivery model? Gene Gotimer relates his experiences and challenges with encouraging a culture change in federal government.
Continuous Security in Agile Development
I’ve had the privilege (and the many challenges) of working in IT for more than three decades. Early in my career I tended to accept things as they were presented, following the techniques, processes, guidelines, and approaches I was taught by my peers and managers. As I gained experience and wisdom, I became a better independent thinker and started to connect the dots and ask questions.
Continuous Improvement Activities beyond the Retrospective
The word continuous gets thrown around a lot when talking about agile and DevOps. One area that often doesn’t get enough attention is how to continuously build, test, and deliver secure applications.Just like for quality, you can’t test security in, so you need to have a plan for how to build it in from the ground up. Here are some tips on how to do that.
The Agile Manifesto Principles: Self-Organizing Teams
One of the principles behind the Agile Manifesto is “At regular intervals, the team reflects on how to become more effective, then tunes and adjusts its behavior accordingly.” Unfortunately, many associate that practice with performing team retrospectives at the end of a sprint, or periodically in kanban. But if you seek to build a high-performing team, there are more improvement activities you should consider adopting.
The Value of Security Testing in QA
The best architectures, requirements, and designs emerge from self-organizing teams. The cultures that are trying to adopt agile are usually command-and-control, because most organizations are. This means that there’s a boss who tells their subordinates what to do, and then those subordinates tell their subordinates what to do. Agile attempts to flip that script upside […]
What is agile, part 1
For many organizations, traditional testing groups are separated from the IT security group. But having traditional testers perform some security testing efforts is a great way of achieving a balanced approach to shifting left while being mindful of staffing and budgetary challenges. It also has some great advantages.
Building a Node.js REST Microservice: Part Two
Today in class, one of my students asked the seemingly straightforward question, “what is agile?”. This got me thinking – what is the most fundamental aspect of agile? My unorthodox view is that agile is simply the name given to the bundle of values and principles that result in more successful outcomes in software development. […]
FIDO2…It’s Getting Real
Introduction This is the second part of a series of tutorials focused on the process of creating, deploying, and consuming a Node.js REST microservice. In part one of this series, I walked through the initial creation process. I demonstrated how to leverage Node.js and just a few modules to create a functioning REST microservice. While […]
In this article, you’ll get an overview of the motivations behind the FIDO2 (Fast Identity Online) effort and how it works, a walk through of some popular use cases, who the players are behind the specification, and finally, where FIDO2 is headed. State of Affairs Passwords are real problem. They’re hard to remember and they […]